Merge remote-tracking branch 'upstream/master'

* upstream/master: (52 commits) [redmine] add ingress (helm#1336) [stable/jenkins] Use imageTag as version in config map (helm#1333) - Bump to latest Minio release (helm#1304) Update k8s-dashboard note when ingress is enabled (helm#1339) Update etcd-operator to latest release (helm#1248) [stable/nginx-ingress] Add hostNetwork option (helm#1250) Update the CONTRIBUTING.md to reflect the new #helm-users and #helm-dev channels (helm#1315) Submit stable Voyager chart (helm#954) [datadog] Add optional kube-state-metrics pod (helm#1011) [stable/prestashop] Release 0.4.10 (helm#1267) [stable/wordpress] Release 0.6.5 (helm#1270) [stable/phabricator] Release 0.4.9 (helm#1281) [stable/drupal] Release 0.6.2 (helm#1268) Bump aws-cluster-autoscaler to latest. (helm#1101) Use memcached modern recommended options instead (helm#1221) Update NOTES.txt (helm#1316) Rename MARIADB_PORT env var to MARIADB_PORT_NUMBER (helm#1210) Rename POSTGRESQL_PORT env var to POSTGRESQL_PORT_NUMBER (helm#1189) Kubernetes Dashboard Chart (helm#808) Add best practices to requirements (helm#1305) ...
lachie83 · Jun 24, 2017 · 0623dd5 · 0623dd5
2 parents 5f492a6 + 9d0c9be
commit 0623dd5
Show file tree

Hide file tree

Showing 175 changed files with 3,748 additions and 310 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -49,6 +49,9 @@ This repository is used by Chart developers for maintaining the official charts
 * Provide a secure default configuration
 * Do not leverage alpha features of Kubernetes
 * Includes a [NOTES.txt](https://github.com/kubernetes/helm/blob/master/docs/charts.md#chart-license-readme-and-notes) explaining how to use the application after install
+* Follows [best practices](https://github.com/kubernetes/helm/tree/master/docs/chart_best_practices)
+  (especially for [labels](https://github.com/kubernetes/helm/blob/master/docs/chart_best_practices/labels.md)
+  and [values](https://github.com/kubernetes/helm/blob/master/docs/chart_best_practices/values.md))
 
 #### Documentation requirements
 
@@ -71,6 +74,7 @@ Once the Chart has been merged, the release job will automatically run in the CI
 Whether you are a user or contributor, official support channels include:
 
 - GitHub issues: https://github.com/kubenetes/charts/issues/new
-- Slack: #Helm room in the [Kubernetes Slack](http://slack.kubernetes.io/)
+- Slack: Helm Users - #Helm-users room in the [Kubernetes Slack](http://slack.kubernetes.io/)
+- Slack: Helm Developers - #Helm-dev room in the [Kubernetes Slack](http://slack.kubernetes.io/)
 
 Before opening a new issue or submitting a new pull request, it's helpful to search the project - it's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of.
diff --git a/incubator/istio/Chart.yaml b/incubator/istio/Chart.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 description: Istio Helm chart for Kubernetes
 name: istio
-version: 0.1.6
-appVersion: 0.1.5
+version: 0.2.1
+appVersion: 0.1.6
 home: https://istio.io/
 icon: https://raw.githubusercontent.com/istio/istio.github.io/master/favicons/mstile-150x150.png
 sources:
   - https://github.com/istio/istio
 maintainers:
   - name: lachie83
-    email: lachlan.evenson@microsoft.com
+    email: lachlan.evenson@microsoft.com
diff --git a/incubator/istio/README.md b/incubator/istio/README.md
@@ -4,7 +4,7 @@
 
 ## TL;DR;
 
-> **Note**: Istio manager currently looks for hardcoded configmap of name "istio" in the installed namespace which means that you can only install the chart once per namespace.
+> **Note**: Istio pilot currently looks for hardcoded configmap of name "istio" in the installed namespace which means that you can only install the chart once per namespace.
 
 ```console
 $ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
@@ -21,7 +21,13 @@ This chart bootstraps a [Istio](https://istio.io/) deployment on a [Kubernetes](
 - istioctl - See installation steps [here](https://istio.io/docs/tasks/installing-istio.html#installation-steps)
 
 ## RBAC
-By default the chart will install the associated RBAC roles and rolebindings using beta annotations.
+By default the chart is installed without associated RBAC roles and rolebindings. If you would like to install the provided roles and rolebindings please do the following:
+
+```
+$ helm install incubator/istio --set rbac.install=true
+```
+
+This will install the associated RBAC roles and rolebindings using beta annotations.
 
 To determine if your cluster supports this running the following:
 
@@ -42,18 +48,17 @@ If the output contains "beta" or both "alpha" and "beta" you can proceed with no
 By default the RBAC resources are generated with the "v1beta1" apiVersion. To use "v1alpha1" do the following:
 
 ```console
-$ helm install --name my-release incubator/istio --set rbac.apiVersion=v1alpha1
+$ helm install --name my-release incubator/istio --set rbac.install=true,rbac.apiVersion=v1alpha1
 ```
 
-
 If it does not. Follow the steps below to disable.
 
 ### Disable RBAC role/rolebinding creation
 
-To disable the creation of RBAC resources (On clusters without RBAC or if you would like to manage the creation outside the scope of this chart). Do the following:
+If you don't want the RBAC roles and bindings to be created by the installation of this chart simply install the default chart.
 
 ```console
-$ helm install --name my-release incubator/istio --set rbac.install=false
+$ helm install --name my-release incubator/istio
 ```
 
 ## Installing the Chart

diff --git a/incubator/istio/templates/NOTES.txt b/incubator/istio/templates/NOTES.txt
@@ -15,7 +15,7 @@ Verifying the Grafana dashboard
 Verifying the Grafana dashboard
 
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ $serviceName }}-{{ .Values.addons.grafana.deployment.name }}" -o jsonpath="{.items[0].metadata.name}")
-  kubectl port-forward $POD_NAME {{ .Values.addons.grafana.service.externalPort }}:{{ .Values.addons.grafana.service.externalPort }}
+  kubectl port-forward $POD_NAME {{ .Values.addons.grafana.service.externalPort }}:{{ .Values.addons.grafana.service.externalPort }} --namespace {{ .Release.Namespace }}
   echo http://127.0.0.1:{{ .Values.addons.grafana.service.externalPort }}/dashboard/db/istio-dashboard
 {{- end }}
 {{- end }}
@@ -32,7 +32,7 @@ Verifying the ServiceGraph service
 Verifying the ServiceGraph service
 
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ $serviceName }}-{{ .Values.addons.servicegraph.deployment.name }}" -o jsonpath="{.items[0].metadata.name}")
-  kubectl port-forward $POD_NAME {{ .Values.addons.servicegraph.service.externalPort }}:{{ .Values.addons.servicegraph.service.externalPort }}
+  kubectl port-forward $POD_NAME {{ .Values.addons.servicegraph.service.externalPort }}:{{ .Values.addons.servicegraph.service.externalPort }} --namespace {{ .Release.Namespace }}
   echo http://127.0.0.1:{{ .Values.addons.servicegraph.service.externalPort }}/dotviz
 {{- end }}
 {{- end }}
@@ -47,4 +47,4 @@ Or deploy the BookInfo App!
 
 Using Istioctl
 
-  istioctl --managerAPIService {{ $serviceName }}-{{ .Values.manager.name }}:{{ .Values.manager.service.externalHttpApiServer }} [command]
+  istioctl --configAPIService {{ $serviceName }}-{{ .Values.pilot.name }}:{{ .Values.pilot.service.externalHttpApiServer }} [command]
diff --git a/incubator/istio/templates/configmap.yaml b/incubator/istio/templates/configmap.yaml
@@ -10,7 +10,7 @@ data:
 {{ if .Values.auth.enabled }}
     authPolicy: MUTUAL_TLS
 {{ end }}
-    mixerAddress: {{ template "fullname" . }}-mixer:{{ .Values.mixer.service.externalTcpPort }}
-    discoveryAddress: {{ template "fullname" . }}-manager:{{ .Values.manager.service.externalHttpDiscovery }}
-    ingressService: {{ template "fullname" . }}-ingress
-    zipkinAddress: {{ template "fullname" . }}-zipkin:{{ .Values.addons.zipkin.service.externalPort }}
+    mixerAddress: {{ $serviceName }}-mixer:{{ .Values.mixer.service.externalTcpPort }}
+    discoveryAddress: {{ $serviceName }}-pilot:{{ .Values.pilot.service.externalHttpDiscovery }}
+    ingressService: istio-ingress
+    zipkinAddress: {{ $serviceName }}-zipkin:{{ .Values.addons.zipkin.service.externalPort }}
diff --git a/incubator/istio/templates/egress-svc.yaml b/incubator/istio/templates/egress-svc.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ $serviceName }}-egress
+  name: istio-egress
   labels:
 {{ include "labels.standard" . | indent 4 }}
     istio: {{ $serviceName }}-egress

diff --git a/incubator/istio/templates/ingress-svc.yaml b/incubator/istio/templates/ingress-svc.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ $serviceName }}-{{ .Values.ingress.deployment.name }}
+  name: istio-ingress
   labels:
 {{ include "labels.standard" . | indent 4 }}
     istio: {{ $serviceName }}-{{ .Values.ingress.deployment.name }}

diff --git a/incubator/istio/templates/manager-deployment.yaml b/incubator/istio/templates/manager-deployment.yaml
diff --git a/incubator/istio/templates/manager-svc.yaml b/incubator/istio/templates/manager-svc.yaml
diff --git a/incubator/istio/templates/pilot-deployment.yaml b/incubator/istio/templates/pilot-deployment.yaml
@@ -0,0 +1,52 @@
+{{- $serviceName := include "fullname" . -}}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ $serviceName }}-{{ .Values.pilot.name }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    component: {{ $serviceName }}-{{ .Values.pilot.name }}
+    istio: {{ $serviceName }}-{{ .Values.pilot.name }}
+spec:
+  replicas: {{ .Values.pilot.deployment.replicas }}
+  template:
+    metadata:
+      annotations:
+        {{- range $key, $value := .Values.pilot.deployment.annotations }}
+          {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      labels:
+{{ include "labels.standard" . | indent 8 }}
+        component: {{ $serviceName }}-{{ .Values.pilot.name }}
+        istio: {{ $serviceName }}-{{ .Values.pilot.name }}
+    spec:
+      serviceAccountName: {{ $serviceName }}-pilot-service-account
+      containers:
+      - name: {{ .Values.pilot.deployment.discovery.name }}
+        image: "{{ .Values.pilot.deployment.discovery.image }}:{{ .Values.istioRelease }}"
+        imagePullPolicy: {{ .Values.pilot.deployment.discovery.imagePullPolicy }}
+        args: ["discovery", "-v", "2"]
+        ports:
+        - containerPort: {{ .Values.pilot.service.externalHttpDiscovery }}
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        resources:
+{{ toYaml .Values.pilot.deployment.discovery.resources | indent 10 }}
+      - name: {{ .Values.pilot.deployment.apiserver.name }}
+        image: "{{ .Values.pilot.deployment.apiserver.image }}:{{ .Values.istioRelease }}"
+        imagePullPolicy: {{ .Values.pilot.deployment.apiserver.imagePullPolicy }}
+        args: ["apiserver", "-v", "2"]
+        ports:
+        - containerPort: {{ .Values.pilot.service.externalHttpApiServer }}
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        resources:
+{{ toYaml .Values.pilot.deployment.apiserver.resources | indent 10 }}
diff --git a/...io/templates/manager-service-account.yaml → ...stio/templates/pilot-service-account.yaml b/...io/templates/manager-service-account.yaml → ...stio/templates/pilot-service-account.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ $serviceName }}-manager-service-account
+  name: {{ $serviceName }}-pilot-service-account
   labels:
 {{ include "labels.standard" . | indent 4 }}
-    istio: {{ $serviceName }}-manager
+    istio: {{ $serviceName }}-pilot
diff --git a/incubator/istio/templates/pilot-svc.yaml b/incubator/istio/templates/pilot-svc.yaml
@@ -0,0 +1,20 @@
+{{- $serviceName := include "fullname" . -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $serviceName }}-{{ .Values.pilot.name }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    istio: {{ $serviceName }}-{{ .Values.pilot.name }}
+spec:
+  type: {{ .Values.pilot.service.type }}
+  ports:
+  - port: {{ .Values.pilot.service.externalHttpDiscovery }}
+    name: http-discovery
+  - port: {{ .Values.pilot.service.externalHttpApiServer }}
+    name: http-apiserver
+  selector:
+    app: {{ include "name" . }}
+    component: {{ $serviceName }}-{{ .Values.pilot.name }}
+    release: {{ .Release.Name }}
+    istio: {{ $serviceName }}-{{ .Values.pilot.name }}
diff --git a/incubator/istio/templates/rbac.yaml b/incubator/istio/templates/rbac.yaml
@@ -3,7 +3,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
 metadata:
-  name: {{ $serviceName }}-manager
+  name: {{ $serviceName }}-pilot
 rules:
 - apiGroups: ["istio.io"]
   resources: ["istioconfigs", "istioconfigs.istio.io"]
@@ -17,6 +17,9 @@ rules:
 - apiGroups: [""]
   resources: ["namespaces"]
   verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get"]
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
@@ -48,14 +51,14 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
 metadata:
-  name: {{ $serviceName }}-manager-admin-role-binding
+  name: {{ $serviceName }}-pilot-admin-role-binding
 subjects:
 - kind: ServiceAccount
-  name: {{ $serviceName }}-manager-service-account
+  name: {{ $serviceName }}-pilot-service-account
   namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: {{ $serviceName }}-manager
+  name: {{ $serviceName }}-pilot
   apiGroup: rbac.authorization.k8s.io
 ---
 kind: ClusterRoleBinding
@@ -81,7 +84,7 @@ subjects:
   namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: {{ $serviceName }}-manager
+  name: {{ $serviceName }}-pilot
   apiGroup: rbac.authorization.k8s.io
 ---
 kind: ClusterRoleBinding

diff --git a/incubator/istio/values.yaml b/incubator/istio/values.yaml
@@ -1,9 +1,9 @@
 ## Install Default RBAC roles and bindings
 rbac:
-  install: true
+  install: false
   apiVersion: v1beta1
 
-istioRelease: 0.1.5
+istioRelease: 0.1.6
 
 ## Enable Istio auth feature 
 ## This deploys a CA in the namespace and enables mTLS between the services
@@ -34,9 +34,9 @@ mixer:
         cpu: 100m
         memory: 128Mi
 
-## Manager configuration
-manager:
-  name: manager
+## Pilot configuration
+pilot:
+  name: pilot
 
   service:
     type: ClusterIP
@@ -50,7 +50,7 @@ manager:
 
     discovery:
       name: discovery
-      image: docker.io/istio/manager
+      image: docker.io/istio/pilot
       imagePullPolicy: Always
       resources:
         limits:
@@ -62,7 +62,7 @@ manager:
 
     apiserver:
       name: apiserver
-      image: docker.io/istio/manager
+      image: docker.io/istio/pilot
       imagePullPolicy: Always
       resources:
         limits: