Merge pull request #71 from signadot/base-for-v0.19.2

Base for release v0.19.2

Author: foxish

signadot/operator/Chart.yaml

@@ -6,10 +6,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "0.19.1"
+version: "0.19.2"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.19.1"
+appVersion: "0.19.2"

signadot/operator/README.md

@@ -5,12 +5,14 @@ cluster config template
 {{- define "compileClusterConfig" -}}
 {{- $allowedNamespaces := (include "getAllowedNamespaces" . | fromJsonArray) -}}
 allowedNamespaces: {{ if gt (len $allowedNamespaces) 0 }}{{ printf "\n" }}{{ toYaml $allowedNamespaces | indent 2}}{{- else -}}[]{{- end }}
+allowOrphanedResources: {{ if hasKey .Values "allowOrphanedResources" -}}{{ toString .Values.allowOrphanedResources }}{{- else -}}false{{- end }}
 routing:
   istio:
     enabled: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enabled") -}}{{ toString .Values.istio.enabled }}{{- else -}}false{{- end }}
     enableHostRouting: {{ if and (hasKey .Values "istio") (hasKey .Values.istio "enableDeprecatedHostRouting") -}}{{ toString .Values.istio.enableDeprecatedHostRouting }}{{- else -}}false{{- end }}
   linkerd:
     enabled: {{ if and (hasKey .Values "linkerd") (hasKey .Values.linkerd "enabled") -}}{{ toString .Values.linkerd.enabled }}{{- else -}}false{{- end }}
+  iptablesMode: {{ if and (hasKey .Values "routing") (hasKey .Values.routing "iptablesMode") -}}{{ .Values.routing.iptablesMode }}{{- else -}}legacy{{- end }}
   customHeaders: {{ with .Values }}{{ with .routing }}{{ with .customHeaders }}{{ printf "\n" }}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
 sandboxTrafficManager:
   enabled: {{ if and (hasKey .Values "sandboxTrafficManager") (hasKey .Values.sandboxTrafficManager "enabled") -}}{{ toString .Values.sandboxTrafficManager.enabled }}{{- else -}}true{{- end }}

signadot/operator/templates/_helpers.tpl

@@ -22,6 +22,8 @@ spec:
   selector:
     matchLabels:
       app: signadot-agent
+  strategy:
+    type: Recreate
   template:
     metadata:
       annotations:
@@ -59,7 +61,7 @@ spec:
             secretKeyRef:
               key: token
               name: cluster-agent
-        image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.19.1{{- end }}{{- else -}}signadot/agent:v0.19.1{{- end }}{{- else -}}signadot/agent:v0.19.1{{- end }}
+        image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.19.2{{- end }}{{- else -}}signadot/agent:v0.19.2{{- end }}{{- else -}}signadot/agent:v0.19.2{{- end }}
         imagePullPolicy: {{ with .Values }}{{ with .agent }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
         livenessProbe:
           httpGet:
@@ -72,5 +74,9 @@ spec:
           httpGet:
             path: /healthz
             port: 8088
+{{- with .Values }}{{- with .agent }}{{- with .resources }}
+        resources:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
       serviceAccountName: agent
 {{ end }}

signadot/operator/templates/agent-deployment.yaml

@@ -1,4 +1,5 @@
 # This file is generated. Do not edit.
+{{ if not .Values.disableAgent }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -28,3 +29,4 @@ spec:
   selector:
     app: signadot-agent
   type: ClusterIP
+{{ end }}

signadot/operator/templates/agent-metrics-service.yaml

@@ -17,3 +17,23 @@ subjects:
   name: signadot-controller-manager
   namespace: signadot
 {{ end }}
+{{ if not .Values.disableAgent }}
+# Bind the ClusterRole containing agent permissions to the agent's
+# ServiceAccount only in the specified namespaces.
+{{ range $namespace := $allowedNamespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: signadot-agent-namespaced
+  namespace: {{ $namespace | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: signadot-agent-namespaced
+subjects:
+- kind: ServiceAccount
+  name: agent
+  namespace: signadot
+{{ end }}
+{{ end }}

signadot/operator/templates/allowed_namespaces.yaml

@@ -71,6 +71,8 @@ spec:
                 - kind
                 - name
                 type: object
+              disableSandboxTrafficManager:
+                type: boolean
               patches:
                 description: List of patches to be applied to the baseline workload
                 items:

signadot/operator/templates/forkedworkloads.signadot.com-customresourcedefinition.yaml

@@ -40,9 +40,13 @@ spec:
         - /app/io-context-server
         - -tls=secretns=signadot
         - -port=8443
-        image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}{{- else -}}signadot/io-context-server:v0.19.1{{- end }}
+        image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.19.2{{- end }}{{- else -}}signadot/io-context-server:v0.19.2{{- end }}{{- else -}}signadot/io-context-server:v0.19.2{{- end }}
         imagePullPolicy: {{ with .Values }}{{ with .ioContextServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
         name: io-context-server
         ports:
         - containerPort: 8443
+{{- with .Values }}{{- with .ioContextServer }}{{- with .resources }}
+        resources:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
       serviceAccountName: io-context-server

signadot/operator/templates/io-context-server-deployment.yaml

@@ -151,11 +151,16 @@ spec:
               trafficManager:
                 description: Traffic manager settings
                 properties:
+                  enabled:
+                    description: Explicitly enable traffic manager in runner pods
+                      for this job.
+                    type: boolean
                   injectRoutingKey:
                     default: Disabled
                     description: |-
                       Enable the automatic insertion of routing key headers for HTTP and gRPC
-                      (H2C) traffic
+                      (H2C) traffic. The "auto" value will overwrite the value of the Enabled
+                      field, setting it to true.
                     enum:
                     - Disabled
                     - Auto

signadot/operator/templates/jobs.signadot.com-customresourcedefinition.yaml

@@ -36,7 +36,7 @@ spec:
         {{- end }}
     spec:
       containers:
-      - image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.19.1{{- end }}{{- else -}}signadot/route-server:v0.19.1{{- end }}{{- else -}}signadot/route-server:v0.19.1{{- end }}
+      - image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.19.2{{- end }}{{- else -}}signadot/route-server:v0.19.2{{- end }}{{- else -}}signadot/route-server:v0.19.2{{- end }}
         imagePullPolicy: {{ with .Values }}{{ with .routeServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
         name: routeserver
         ports:
@@ -48,4 +48,8 @@ spec:
           name: http-legacy
         - containerPort: 9090
           name: http-metrics
+{{- with .Values }}{{- with .routeServer }}{{- with .resources }}
+        resources:
+{{ toYaml . | indent 10 }}
+{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
       serviceAccountName: routeserver