HBD-732 update to make setting istio values easier when used as subch…

…art (#136)

deploy/helm/distributed-compute-operator/dco-values.yaml

@@ -7,13 +7,14 @@ image:
 imagePullSecrets:
 - name: domino-quay-repos
 installCRDs: true
-istio:
-  cni: true
-  enabled: false
-  httpIdleTimeout:
-    timeout: 24h
-  install: false
-  rootConfigNamespace: istio-system
+global:
+  istio:
+    cni: true
+    enabled: false
+    httpIdleTimeout:
+      timeout: 24h
+    install: false
+    rootConfigNamespace: istio-system
 mpi:
   initImage:
     registry: quay.io

deploy/helm/distributed-compute-operator/templates/deployment.yaml

@@ -65,7 +65,7 @@ spec:
             - --zap-stacktrace-level={{ . }}
             {{- end }}
             {{- end }}
-            {{- if .Values.istio.enabled }}
+            {{- if .Values.global.istio.enabled }}
             - --istio-enabled
             {{- end }}
             {{- with .Values.mpi.initImage }}

deploy/helm/distributed-compute-operator/templates/hooks.yaml

@@ -97,7 +97,7 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             - crd-apply
-            {{- if .Values.istio.enabled }}
+            {{- if .Values.global.istio.enabled }}
             - --istio-enabled
             {{- end }}
           {{- with .Values.podEnv }}
@@ -156,7 +156,7 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             - crd-delete
-            {{- if .Values.istio.enabled }}
+            {{- if .Values.global.istio.enabled }}
             - --istio-enabled
             {{- end }}
           {{- with .Values.podEnv }}

deploy/helm/distributed-compute-operator/templates/http-timeout-envoyfilter.yaml

@@ -1,8 +1,8 @@
-{{- if and (.Values.istio.enabled) (.Values.istio.httpIdleTimeout.timeout)  }}
+{{- if and (.Values.global.istio.enabled) (.Values.global.istio.httpIdleTimeout.timeout)  }}
 {{- $commonFullname := include "common.names.fullname" . }}
-{{- $justRootConfigNamespace := list .Values.istio.rootConfigNamespace }}
+{{- $justRootConfigNamespace := list .Values.global.istio.rootConfigNamespace }}
 {{- $defaultNamespaces := .Values.config.watchNamespaces | default $justRootConfigNamespace }}
-{{- $namespaces := .Values.istio.httpIdleTimeout.namespaces | default $defaultNamespaces }}
+{{- $namespaces := .Values.global.istio.httpIdleTimeout.namespaces | default $defaultNamespaces }}
 {{- range $namespace := $namespaces }}
 apiVersion: networking.istio.io/v1alpha3
 kind: EnvoyFilter
@@ -27,7 +27,7 @@ spec:
         typed_config:
           "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
           common_http_protocol_options:
-            idle_timeout: {{ $.Values.istio.httpIdleTimeout.timeout }}
+            idle_timeout: {{ $.Values.global.istio.httpIdleTimeout.timeout }}
   - applyTo: NETWORK_FILTER
     match:
       listener:
@@ -40,6 +40,6 @@ spec:
         name: envoy.filters.network.tcp_proxy
         typed_config:
           '@type': type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy
-          idle_timeout: {{ $.Values.istio.httpIdleTimeout.timeout }}
+          idle_timeout: {{ $.Values.global.istio.httpIdleTimeout.timeout }}
 {{- end }}
 {{- end }}

deploy/helm/distributed-compute-operator/templates/istio.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.istio.enabled }}
+{{- if .Values.global.istio.enabled }}
 apiVersion: security.istio.io/v1beta1
 kind: PeerAuthentication
 metadata:

deploy/helm/distributed-compute-operator/values.yaml

@@ -2,6 +2,26 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+global:
+  istio:
+    # Enable support for environments with Istio installed
+    enabled: false
+    # Elevate pod execution permissions so that Istio's init container can modify
+    # network settings when CNI plugin is NOT installed
+    cniPluginInstalled: true
+    # namespace for istio mesh-level settings
+    rootConfigNamespace: istio-config
+    # set the HTTP connection idle timeout for pods managed by the distributed-compute-operator
+    httpIdleTimeout:
+      # the timeout to set. Leave empty for istio default.
+      timeout: ""
+      # If timeout and namespaces are set, sets the timeout only in given namespaces.
+      # If timeout is set but namespaces is empty:
+      #   - if config.watchNamespaces is empty, then timeout is set across the whole istio mesh
+      #   - else timeout is set for namespaces in config.watchNamespaces
+      # If any namespaces in the istio mesh are unaffected by this setting, they get istio default.
+      namespaces: []
+
 # Number of controller instances to run
 replicaCount: 1
 
@@ -32,25 +52,6 @@ config:
   # Development mode enables debug logging, console output and stacktraces suitable for troubleshooting
   logDevelopmentMode: false
 
-istio:
-  # Enable support for environments with Istio installed
-  enabled: false
-  # Elevate pod execution permissions so that Istio's init container can modify
-  # network settings when CNI plugin is NOT installed
-  cniPluginInstalled: true
-  # namespace for istio mesh-level settings
-  rootConfigNamespace: istio-config
-  # set the HTTP connection idle timeout for pods managed by the distributed-compute-operator
-  httpIdleTimeout:
-    # the timeout to set. Leave empty for istio default.
-    timeout: ""
-    # If timeout and namespaces are set, sets the timeout only in given namespaces.
-    # If timeout is set but namespaces is empty:
-    #   - if config.watchNamespaces is empty, then timeout is set across the whole istio mesh
-    #   - else timeout is set for namespaces in config.watchNamespaces
-    # If any namespaces in the istio mesh are unaffected by this setting, they get istio default.
-    namespaces: []
-
 podSecurityPolicy:
   # Create custom PSP for operator
   enabled: true