Skip to content

Commit e7aa806

Browse files
Merge pull request #65 from signadot/release-v0.18.0
Changes for release v0.18.0
2 parents 84a93a7 + b546561 commit e7aa806

13 files changed

+74
-22
lines changed

signadot/operator/Chart.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,10 @@ type: application
66
# This is the chart version. This version number should be incremented each time you make changes
77
# to the chart and its templates, including the app version.
88
# Versions are expected to follow Semantic Versioning (https://semver.org/)
9-
version: "0.17.0"
9+
version: "0.18.0"
1010

1111
# This is the version number of the application being deployed. This version number should be
1212
# incremented each time you make changes to the application. Versions are not expected to
1313
# follow Semantic Versioning. They should reflect the version the application is using.
1414
# It is recommended to use it with quotes.
15-
appVersion: "0.17.0"
15+
appVersion: "0.18.0"

signadot/operator/README.md

+10-5
Original file line numberDiff line numberDiff line change
@@ -117,6 +117,9 @@ style resources and are not needed in an installation which uses the new
117117
| `jobExecutorInit.image` | Job Executor Init container image override | `signadot/job-executor-init:vX.Y.Z` |
118118
| `jobExecutorInit.imagePullPolicy` | Job Executor Init container image pull policy | `IfNotPresent` |
119119
| `jobExecutorInit.imagePullSecret` | Job Executor Init container image pull secret | `""` |
120+
| `jobExecutorProxy.image` | Job Executor Proxy container image override | `signadot/job-executor-proxy:vX.Y.Z` |
121+
| `jobExecutorProxy.imagePullPolicy` | Job Executor Proxy container image pull policy | `IfNotPresent` |
122+
| `jobExecutorProxy.imagePullSecret` | Job Executor Proxy container image pull secret | `""` |
120123

121124

122125
### Tunnel parameters
@@ -142,8 +145,10 @@ style resources and are not needed in an installation which uses the new
142145

143146
When Istio is enabled (`istio.enabled: true`), the Signadot Operator manipulates Istio VirtualServices by applying new HTTPRoutes where appropriate to direct traffic to sandboxed workloads. You can configure the operator to add labels and annotations to these objects when they are in use by the operator. Note that these labels and annotations are only added when the object comes into use. This can be useful for temporarily disabling CI sync, amongst other possibilities.
144147

145-
| Name | Description | Default |
146-
| ----------------------------- | --------------------------------------------------------- | ------- |
147-
| `istio.enabled` | Enable Istio integration | `false` |
148-
| `istio.additionalAnnotations` | Annotations to add to istio VirtualServices if not present | `{}` |
149-
| `istio.additionalLabels` | Labels to add to istio VirtualServices if not present | `{}` |
148+
| Name | Description | Default |
149+
| ----------------------------------- | --------------------------------------------------------------------------------------------------------- | ------- |
150+
| `istio.enabled` | Enable Istio integration | `false` |
151+
| `istio.additionalAnnotations` | Annotations to add to istio VirtualServices if not present | `{}` |
152+
| `istio.additionalLabels` | Labels to add to istio VirtualServices if not present | `{}` |
153+
| `istio.enableDeprecatedHostRouting` | Enable sandbox routing by matching the `VirtualService.host` field. **This feature has been deprecated**. | `false` |
154+

signadot/operator/templates/agent-deployment.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ spec:
4848
secretKeyRef:
4949
key: token
5050
name: cluster-agent
51-
image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.17.0{{- end }}{{- else -}}signadot/agent:v0.17.0{{- end }}{{- else -}}signadot/agent:v0.17.0{{- end }}
51+
image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v0.18.0{{- end }}{{- else -}}signadot/agent:v0.18.0{{- end }}{{- else -}}signadot/agent:v0.18.0{{- end }}
5252
imagePullPolicy: {{ with .Values }}{{ with .agent }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
5353
livenessProbe:
5454
httpGet:

signadot/operator/templates/io-context-server-deployment.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ spec:
4040
- /app/io-context-server
4141
- -tls=secretns=signadot
4242
- -port=8443
43-
image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.17.0{{- end }}{{- else -}}signadot/io-context-server:v0.17.0{{- end }}{{- else -}}signadot/io-context-server:v0.17.0{{- end }}
43+
image: {{ with .Values }}{{ with .ioContextServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-context-server:v0.18.0{{- end }}{{- else -}}signadot/io-context-server:v0.18.0{{- end }}{{- else -}}signadot/io-context-server:v0.18.0{{- end }}
4444
imagePullPolicy: {{ with .Values }}{{ with .ioContextServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
4545
name: io-context-server
4646
ports:

signadot/operator/templates/istioroutes.signadot.com-customresourcedefinition.yaml

+4
Original file line numberDiff line numberDiff line change
@@ -147,11 +147,15 @@ spec:
147147
name:
148148
description: This is the virtual service name
149149
type: string
150+
namespace:
151+
description: This is the virtual service namespace
152+
type: string
150153
status:
151154
description: Status information about the virtual service configuration
152155
type: string
153156
required:
154157
- name
158+
- namespace
155159
- status
156160
type: object
157161
type: array

signadot/operator/templates/jobs.signadot.com-customresourcedefinition.yaml

+15
Original file line numberDiff line numberDiff line change
@@ -140,6 +140,21 @@ spec:
140140
x-kubernetes-validations:
141141
- message: Timeout is immutable
142142
rule: self == oldSelf
143+
trafficManager:
144+
description: Traffic manager settings
145+
properties:
146+
injectRoutingKey:
147+
default: Disabled
148+
description: Enable the automatic insertion of routing key headers
149+
for HTTP and gRPC (H2C) traffic
150+
enum:
151+
- Disabled
152+
- Auto
153+
type: string
154+
type: object
155+
x-kubernetes-validations:
156+
- message: Timeout is immutable
157+
rule: self == oldSelf
143158
required:
144159
- canceled
145160
- content

signadot/operator/templates/routeserver-deployment.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ spec:
3636
{{- end }}
3737
spec:
3838
containers:
39-
- image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.17.0{{- end }}{{- else -}}signadot/route-server:v0.17.0{{- end }}{{- else -}}signadot/route-server:v0.17.0{{- end }}
39+
- image: {{ with .Values }}{{ with .routeServer }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-server:v0.18.0{{- end }}{{- else -}}signadot/route-server:v0.18.0{{- end }}{{- else -}}signadot/route-server:v0.18.0{{- end }}
4040
imagePullPolicy: {{ with .Values }}{{ with .routeServer }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
4141
name: routeserver
4242
ports:

signadot/operator/templates/routingconfigs.signadot.com-customresourcedefinition.yaml

+5
Original file line numberDiff line numberDiff line change
@@ -205,12 +205,17 @@ spec:
205205
description: This is the virtual service
206206
name
207207
type: string
208+
namespace:
209+
description: This is the virtual service
210+
namespace
211+
type: string
208212
status:
209213
description: Status information about the
210214
virtual service configuration
211215
type: string
212216
required:
213217
- name
218+
- namespace
214219
- status
215220
type: object
216221
type: array

signadot/operator/templates/signadot-controller-manager-deployment.yaml

+15-7
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,8 @@ spec:
6262
value: {{ with .Values }}{{ with .ioSidecar }}{{ with .imagePullSecret }}{{ . }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}
6363
- name: ISTIO_ENABLED
6464
value: {{ with .Values }}{{ with .istio }}{{ with .enabled }}{{ toString . | quote}}{{- else -}}"false"{{- end }}{{- else -}}"false"{{- end }}{{- else -}}"false"{{- end }}
65+
- name: ISTIO_HOST_ROUTING
66+
value: {{ with .Values }}{{ with .istio }}{{ with .enableDeprecatedHostRouting }}{{ toString . | quote}}{{- else -}}"false"{{- end }}{{- else -}}"false"{{- end }}{{- else -}}"false"{{- end }}
6567
- name: ISTIO_ADDITIONAL_LABELS
6668
value: {{ with .Values }}{{ with .istio }}{{ with .additionalLabels }}{{ mustToJson . | quote}}{{- else -}}""{{- end }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}
6769
- name: ISTIO_ADDITIONAL_ANNOTATIONS
@@ -70,21 +72,27 @@ spec:
7072
value: {{ with .Values }}{{ with .jobExecutorInit }}{{ with .imagePullPolicy }}{{ . }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}
7173
- name: JOB_EXECUTOR_INIT_IMAGE_PULL_SECRET
7274
value: {{ with .Values }}{{ with .jobExecutorInit }}{{ with .imagePullSecret }}{{ . }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}
75+
- name: JOB_EXECUTOR_PROXY_IMAGE_PULL_POLICY
76+
value: {{ with .Values }}{{ with .jobExecutorProxy }}{{ with .imagePullPolicy }}{{ . }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}
77+
- name: JOB_EXECUTOR_PROXY_IMAGE_PULL_SECRET
78+
value: {{ with .Values }}{{ with .jobExecutorProxy }}{{ with .imagePullSecret }}{{ . }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}{{- else -}}""{{- end }}
7379
- name: SIDECAR_INIT_IMAGE
74-
value: {{ with .Values }}{{ with .routeInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-init:v0.17.0{{- end }}{{- else -}}signadot/route-sidecar-init:v0.17.0{{- end }}{{- else -}}signadot/route-sidecar-init:v0.17.0{{- end }}
80+
value: {{ with .Values }}{{ with .routeInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-init:v0.18.0{{- end }}{{- else -}}signadot/route-sidecar-init:v0.18.0{{- end }}{{- else -}}signadot/route-sidecar-init:v0.18.0{{- end }}
7581
- name: LEGACY_SIDECAR_INIT_IMAGE
7682
value: {{ with .Values }}{{ with .routeInit }}{{ with .legacy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/sd-init-networking:latest{{- end }}{{- else -}}signadot/sd-init-networking:latest{{- end }}{{- else -}}signadot/sd-init-networking:latest{{- end }}{{- else -}}signadot/sd-init-networking:latest{{- end }}
7783
- name: ROUTE_SIDECAR_IMAGE
78-
value: {{ with .Values }}{{ with .routeSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar:v0.17.0{{- end }}{{- else -}}signadot/route-sidecar:v0.17.0{{- end }}{{- else -}}signadot/route-sidecar:v0.17.0{{- end }}
84+
value: {{ with .Values }}{{ with .routeSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar:v0.18.0{{- end }}{{- else -}}signadot/route-sidecar:v0.18.0{{- end }}{{- else -}}signadot/route-sidecar:v0.18.0{{- end }}
7985
- name: LEGACY_ROUTE_SIDECAR_IMAGE
80-
value: {{ with .Values }}{{ with .routeSidecar }}{{ with .legacy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-legacy:v0.17.0{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.17.0{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.17.0{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.17.0{{- end }}
86+
value: {{ with .Values }}{{ with .routeSidecar }}{{ with .legacy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/route-sidecar-legacy:v0.18.0{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.18.0{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.18.0{{- end }}{{- else -}}signadot/route-sidecar-legacy:v0.18.0{{- end }}
8187
- name: IO_INIT_IMAGE
82-
value: {{ with .Values }}{{ with .ioInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-init:v0.17.0{{- end }}{{- else -}}signadot/io-init:v0.17.0{{- end }}{{- else -}}signadot/io-init:v0.17.0{{- end }}
88+
value: {{ with .Values }}{{ with .ioInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-init:v0.18.0{{- end }}{{- else -}}signadot/io-init:v0.18.0{{- end }}{{- else -}}signadot/io-init:v0.18.0{{- end }}
8389
- name: IO_SIDECAR_IMAGE
84-
value: {{ with .Values }}{{ with .ioSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-sidecar:v0.17.0{{- end }}{{- else -}}signadot/io-sidecar:v0.17.0{{- end }}{{- else -}}signadot/io-sidecar:v0.17.0{{- end }}
90+
value: {{ with .Values }}{{ with .ioSidecar }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/io-sidecar:v0.18.0{{- end }}{{- else -}}signadot/io-sidecar:v0.18.0{{- end }}{{- else -}}signadot/io-sidecar:v0.18.0{{- end }}
8591
- name: JOB_EXECUTOR_INIT_IMAGE
86-
value: {{ with .Values }}{{ with .jobExecutorInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/job-executor-init:v0.17.0{{- end }}{{- else -}}signadot/job-executor-init:v0.17.0{{- end }}{{- else -}}signadot/job-executor-init:v0.17.0{{- end }}
87-
image: {{ with .Values }}{{ with .operator }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/operator:v0.17.0{{- end }}{{- else -}}signadot/operator:v0.17.0{{- end }}{{- else -}}signadot/operator:v0.17.0{{- end }}
92+
value: {{ with .Values }}{{ with .jobExecutorInit }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/job-executor-init:v0.18.0{{- end }}{{- else -}}signadot/job-executor-init:v0.18.0{{- end }}{{- else -}}signadot/job-executor-init:v0.18.0{{- end }}
93+
- name: JOB_EXECUTOR_PROXY_IMAGE
94+
value: {{ with .Values }}{{ with .jobExecutorProxy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/job-executor-proxy:v0.18.0{{- end }}{{- else -}}signadot/job-executor-proxy:v0.18.0{{- end }}{{- else -}}signadot/job-executor-proxy:v0.18.0{{- end }}
95+
image: {{ with .Values }}{{ with .operator }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/operator:v0.18.0{{- end }}{{- else -}}signadot/operator:v0.18.0{{- end }}{{- else -}}signadot/operator:v0.18.0{{- end }}
8896
imagePullPolicy: {{ with .Values }}{{ with .operator }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
8997
livenessProbe:
9098
httpGet:

signadot/operator/templates/signadot-routeserver-clusterrole.yaml

+9
Original file line numberDiff line numberDiff line change
@@ -20,3 +20,12 @@ rules:
2020
- get
2121
- list
2222
- watch
23+
- apiGroups:
24+
- ""
25+
resources:
26+
- services
27+
- pods
28+
verbs:
29+
- get
30+
- list
31+
- watch

signadot/operator/templates/tunnel-api-deployment.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ spec:
4545
{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
4646
{{ with .Values }}{{ with .tunnel }}{{ with .config }}{{ with .externalDNS }}{{ with .syncInterval }} - --external-dns-resync-interval={{ . }}
4747
{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
48-
image: {{ with .Values }}{{ with .tunnel }}{{ with .api }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/tunnel-api:v0.17.0{{- end }}{{- else -}}signadot/tunnel-api:v0.17.0{{- end }}{{- else -}}signadot/tunnel-api:v0.17.0{{- end }}{{- else -}}signadot/tunnel-api:v0.17.0{{- end }}
48+
image: {{ with .Values }}{{ with .tunnel }}{{ with .api }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/tunnel-api:v0.18.0{{- end }}{{- else -}}signadot/tunnel-api:v0.18.0{{- end }}{{- else -}}signadot/tunnel-api:v0.18.0{{- end }}{{- else -}}signadot/tunnel-api:v0.18.0{{- end }}
4949
imagePullPolicy: {{ with .Values }}{{ with .tunnel }}{{ with .api }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
5050
name: tunnel-api
5151
ports:

signadot/operator/templates/tunnel-auditor-config-configmap.yaml

+8-2
Original file line numberDiff line numberDiff line change
@@ -125,7 +125,6 @@ data:
125125
idleTimeout: 3600s
126126
maxStreamDuration:
127127
maxStreamDuration: 0s
128-
maxStreamDuration: 0s
129128
130129
# TCP proxy
131130
- filters:
@@ -246,6 +245,14 @@ data:
246245
- name: envoy.filters.http.router
247246
typed_config:
248247
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
248+
249+
# enable HTTP CONNECT and Websockets
250+
http2_protocol_options:
251+
allow_connect: true
252+
upgrade_configs:
253+
- upgrade_type: CONNECT
254+
- upgrade_type: websocket
255+
249256
route_config:
250257
name: local_route
251258
virtual_hosts:
@@ -260,7 +267,6 @@ data:
260267
idleTimeout: 3600s
261268
maxStreamDuration:
262269
maxStreamDuration: 0s
263-
maxStreamDuration: 0s
264270
265271
# TCP filter
266272
- filters:

signadot/operator/templates/tunnel-proxy-deployment.yaml

+2-2
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ spec:
6060
valueFrom:
6161
fieldRef:
6262
fieldPath: metadata.name
63-
image: {{ with .Values }}{{ with .tunnel }}{{ with .proxy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/tunnel-proxy:v0.17.0{{- end }}{{- else -}}signadot/tunnel-proxy:v0.17.0{{- end }}{{- else -}}signadot/tunnel-proxy:v0.17.0{{- end }}{{- else -}}signadot/tunnel-proxy:v0.17.0{{- end }}
63+
image: {{ with .Values }}{{ with .tunnel }}{{ with .proxy }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/tunnel-proxy:v0.18.0{{- end }}{{- else -}}signadot/tunnel-proxy:v0.18.0{{- end }}{{- else -}}signadot/tunnel-proxy:v0.18.0{{- end }}{{- else -}}signadot/tunnel-proxy:v0.18.0{{- end }}
6464
imagePullPolicy: {{ with .Values }}{{ with .tunnel }}{{ with .proxy }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
6565
name: tunnel-proxy
6666
ports:
@@ -108,7 +108,7 @@ spec:
108108
value: "10000"
109109
- name: OUTBOUND_AUDITOR_PORT
110110
value: "10001"
111-
image: {{ with .Values }}{{ with .tunnel }}{{ with .auditor }}{{ with .init }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/tunnel-auditor-init:v0.17.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.17.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.17.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.17.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.17.0{{- end }}
111+
image: {{ with .Values }}{{ with .tunnel }}{{ with .auditor }}{{ with .init }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/tunnel-auditor-init:v0.18.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.18.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.18.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.18.0{{- end }}{{- else -}}signadot/tunnel-auditor-init:v0.18.0{{- end }}
112112
imagePullPolicy: {{ with .Values }}{{ with .tunnel }}{{ with .auditor }}{{ with .init }}{{ with .imagePullPolicy }}{{ . }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}{{- else -}}"IfNotPresent"{{- end }}
113113
name: auditor-init
114114
securityContext:

0 commit comments

Comments
 (0)