diff --git a/build/patch-charts.sh b/build/patch-charts.sh index 0e6dbd38ce..427b2f5e38 100755 --- a/build/patch-charts.sh +++ b/build/patch-charts.sh @@ -97,15 +97,6 @@ function patchGalley() { - "*"\ resources:\ - "*"\ - - operations:\ - - CREATE\ - - UPDATE\ - apiGroups:\ - - maistra.io\ - apiVersions:\ - - "*"\ - resources:\ - - "servicemeshextensions"\ - operations:\ - CREATE\ - UPDATE\ @@ -136,9 +127,6 @@ function patchGalley() { - apiGroups: ["route.openshift.io"]\ resources: ["routes", "routes/custom-host"]\ verbs: ["get", "list", "watch", "create", "delete", "update"]\ - - apiGroups: ["maistra.io"]\ - resources: ["servicemeshextensions"]\ - verbs: ["get", "list", "watch"]\ # Allow use of blockOwnerDeletion in ownerReferences pointing to Pods (see OSSM-1321)\ - apiGroups: [""]\ resources: ["pods/finalizers"]\ diff --git a/pkg/controller/servicemesh/webhooks/validation/controlplane_test.go b/pkg/controller/servicemesh/webhooks/validation/controlplane_test.go index 6426a43447..0893fe1a6c 100644 --- a/pkg/controller/servicemesh/webhooks/validation/controlplane_test.go +++ b/pkg/controller/servicemesh/webhooks/validation/controlplane_test.go @@ -8,6 +8,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + apiv1 "maistra.io/api/core/v1" webhookadmission "sigs.k8s.io/controller-runtime/pkg/webhook/admission" maistrav1 "github.com/maistra/istio-operator/pkg/apis/maistra/v1" @@ -66,10 +67,11 @@ func TestControlPlaneValidation(t *testing.T) { enabled := true disabled := false cases := []struct { - name string - controlPlane runtime.Object - valid bool - resources []runtime.Object + name string + controlPlane runtime.Object + updatedControlPlane runtime.Object + valid bool + resources []runtime.Object }{ { name: "blank-version", @@ -823,12 +825,41 @@ func TestControlPlaneValidation(t *testing.T) { }, valid: true, }, + { + name: "smcp.upgrade.v2.0.to.v2.3", + controlPlane: newControlPlaneWithVersion("basic", "istio-system", versions.V2_0.String()), + updatedControlPlane: newControlPlaneWithVersion("basic", "istio-system", versions.V2_3.String()), + valid: true, + }, + { + name: "sme.upgrade.to.v2.3.fail", + controlPlane: newControlPlaneWithVersion("basic", "istio-system", versions.V2_2.String()), + updatedControlPlane: newControlPlaneWithVersion("basic", "istio-system", versions.V2_3.String()), + valid: false, + resources: []runtime.Object{ + &apiv1.ServiceMeshExtension{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "istio-system", + }, + Spec: apiv1.ServiceMeshExtensionSpec{ + Config: apiv1.ServiceMeshExtensionConfig{ + Data: map[string]interface{}{}, + }, + }, + }, + }, + }, } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { validator := createControlPlaneValidatorTestFixture(tc.resources...) response := validator.Handle(ctx, createCreateRequest(tc.controlPlane)) + if tc.updatedControlPlane != nil { + response = validator.Handle(ctx, createUpdateRequest(tc.controlPlane, tc.updatedControlPlane)) + } + if tc.valid { var reason string if response.Result != nil { @@ -982,15 +1013,6 @@ func TestFullAffinityOnlySupportedForKiali(t *testing.T) { } } -func TestUpdateOfValidControlPlane(t *testing.T) { - oldControlPlane := newControlPlaneWithVersion("my-smcp", "istio-system", "v2.0") - validator := createControlPlaneValidatorTestFixture(oldControlPlane) - - controlPlane := newControlPlaneWithVersion("my-smcp", "istio-system", "v2.1") - response := validator.Handle(ctx, createUpdateRequest(oldControlPlane, controlPlane)) - assert.True(response.Allowed, "Expected validator to accept update of valid ServiceMeshControlPlane", t) -} - func TestInvalidVersion(t *testing.T) { validControlPlane := newControlPlaneWithVersion("my-smcp", "istio-system", "v1.0") invalidControlPlane := newControlPlaneWithVersion("my-smcp", "istio-system", "InvalidVersion") diff --git a/pkg/controller/versions/strategy_v2_3.go b/pkg/controller/versions/strategy_v2_3.go index c972f92f62..15218205b3 100644 --- a/pkg/controller/versions/strategy_v2_3.go +++ b/pkg/controller/versions/strategy_v2_3.go @@ -17,6 +17,7 @@ import ( utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/helm/pkg/chartutil" "k8s.io/helm/pkg/manifest" + apiv1 "maistra.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" "sigs.k8s.io/yaml" @@ -248,6 +249,39 @@ func (v *versionStrategyV2_3) validateAddons(spec *v2.ControlPlaneSpec, allError return allErrors } +func (v *versionStrategyV2_3) validateServiceMeshExtensionsRemoved(ctx context.Context, cl client.Client, smcp metav1.Object) error { + serviceMeshExtensions := &apiv1.ServiceMeshExtensionList{} + if err := cl.List(ctx, serviceMeshExtensions); err != nil { + if !errors.IsNotFound(err) && !meta.IsNoMatchError(err) { + return NewValidationError(fmt.Errorf("upgrade validation failed: failed to list ServiceMeshExtensions in cluster (error: %s)", + err, + )) + } + } + if len(serviceMeshExtensions.Items) > 0 { + smmr := &v1.ServiceMeshMemberRoll{} + err := cl.Get(ctx, client.ObjectKey{Name: common.MemberRollName, Namespace: smcp.GetNamespace()}, smmr) + if err != nil { + if !errors.IsNotFound(err) { + return NewValidationError(fmt.Errorf("upgrade validation failed: failed to retrieve SMMR for SMCP (error: %s)", + err, + )) + } + } + meshNamespaces := common.GetMeshNamespaces(smcp.GetNamespace(), smmr) + for _, sme := range serviceMeshExtensions.Items { + if meshNamespaces.Has(sme.Namespace) { + return NewValidationError(fmt.Errorf("found a ServiceMeshExtension '%s' in namespace '%s'. "+ + "ServiceMeshExtension support has been removed; please migrate existing ServiceMeshExtensions to WasmPlugin", + sme.Name, + sme.Namespace, + )) + } + } + } + return nil +} + func (v *versionStrategyV2_3) ValidateV2Full(ctx context.Context, cl client.Client, meta *metav1.ObjectMeta, spec *v2.ControlPlaneSpec) error { var allErrors []error err := v.ValidateV2(ctx, cl, meta, spec) @@ -269,8 +303,7 @@ func (v *versionStrategyV2_3) ValidateDowngrade(ctx context.Context, cl client.C } func (v *versionStrategyV2_3) ValidateUpgrade(ctx context.Context, cl client.Client, smcp metav1.Object) error { - // TODO: what might prevent us from upgrading? - return nil + return v.validateServiceMeshExtensionsRemoved(ctx, cl, smcp) } func (v *versionStrategyV2_3) ValidateUpdate(ctx context.Context, cl client.Client, oldSMCP, newSMCP metav1.Object) error { diff --git a/resources/helm/overlays/wasm-extensions/Chart.yaml b/resources/helm/overlays/wasm-extensions/Chart.yaml deleted file mode 100644 index 3ae45ef623..0000000000 --- a/resources/helm/overlays/wasm-extensions/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -name: wasm-extensions -version: 2.0.0 -appVersion: 1.0.0 -tillerVersion: ">=2.7.2-0" -description: Helm chart for Maistra WASM Extensions -keywords: - - maistra - - wasm -sources: - - http://github.com/maistra/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/resources/helm/overlays/wasm-extensions/templates/_helpers.tpl b/resources/helm/overlays/wasm-extensions/templates/_helpers.tpl deleted file mode 100644 index 3f6288f368..0000000000 --- a/resources/helm/overlays/wasm-extensions/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "wasm-extensions.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "wasm-extensions.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "wasm-extensions.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/helm/overlays/wasm-extensions/templates/clusterrole.yaml b/resources/helm/overlays/wasm-extensions/templates/clusterrole.yaml deleted file mode 100644 index 7088b999a7..0000000000 --- a/resources/helm/overlays/wasm-extensions/templates/clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }}-{{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} -rules: -- apiGroups: - - maistra.io - resources: - - servicemeshextensions - - servicemeshextensions/status - - servicemeshextensions/finalizers - verbs: - - get - - list - - watch - - update -- apiGroups: - - maistra.io - resources: - - servicemeshmemberrolls - verbs: - - get - - list - - watch -- apiGroups: - - image.openshift.io - resources: - - imagestreams - - imagestreamimports - verbs: - - '*' diff --git a/resources/helm/overlays/wasm-extensions/templates/clusterrolebinding.yaml b/resources/helm/overlays/wasm-extensions/templates/clusterrolebinding.yaml deleted file mode 100644 index ea89a2cd0a..0000000000 --- a/resources/helm/overlays/wasm-extensions/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: wasm-cacher-{{ .Values.revision | default "default" }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: wasm-cacher-registry-viewer-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: registry-viewer -subjects: - - kind: ServiceAccount - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} diff --git a/resources/helm/overlays/wasm-extensions/templates/deployment.yaml b/resources/helm/overlays/wasm-extensions/templates/deployment.yaml deleted file mode 100644 index b3ec36d3de..0000000000 --- a/resources/helm/overlays/wasm-extensions/templates/deployment.yaml +++ /dev/null @@ -1,74 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - template: - metadata: - labels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: wasm-cacher-{{ .Values.revision | default "default" }} - containers: - - name: wasm-cacher - workingDir: "/" -{{- if contains "/" .Values.wasmExtensions.cacher.image }} - image: "{{ .Values.wasmExtensions.cacher.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.wasmExtensions.cacher.image }}:{{ .Values.global.tag }}" -{{- end }} - imagePullPolicy: Always - command: - - mec - - --namespace - - {{ .Release.Namespace }} - - --baseURL - - http://wasm-cacher-{{ .Values.revision | default "default" }}.{{ .Release.Namespace }}.svc.cluster.local - resources: -{{- if .Values.wasmExtensions.cacher.resources }} -{{ toYaml .Values.wasmExtensions.cacher.resources | trim | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 10 }} -{{- end }} - env: - - name: HOME - value: /podman - ports: - - containerPort: 8080 - volumeMounts: - - name: home - mountPath: /podman - - name: servedir - mountPath: /srv - - name: graph - mountPath: /var/lib/containers - volumes: - - name: home - emptyDir: {} - - name: servedir - emptyDir: {} - - name: graph - emptyDir: {} - dnsPolicy: ClusterFirst - restartPolicy: Always - securityContext: {} - terminationGracePeriodSeconds: 30 diff --git a/resources/helm/overlays/wasm-extensions/templates/destinationrule.yaml b/resources/helm/overlays/wasm-extensions/templates/destinationrule.yaml deleted file mode 100644 index fa95a0f385..0000000000 --- a/resources/helm/overlays/wasm-extensions/templates/destinationrule.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: DestinationRule -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: wasm-cacher-{{ .Values.revision | default "default" }}.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE diff --git a/resources/helm/overlays/wasm-extensions/templates/service.yaml b/resources/helm/overlays/wasm-extensions/templates/service.yaml deleted file mode 100644 index 5726d3dbf6..0000000000 --- a/resources/helm/overlays/wasm-extensions/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - ports: - - port: 80 - targetPort: 8080 - name: http - selector: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} diff --git a/resources/helm/overlays/wasm-extensions/templates/serviceaccount.yaml b/resources/helm/overlays/wasm-extensions/templates/serviceaccount.yaml deleted file mode 100644 index 575070ff67..0000000000 --- a/resources/helm/overlays/wasm-extensions/templates/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} diff --git a/resources/helm/overlays/wasm-extensions/values.yaml b/resources/helm/overlays/wasm-extensions/values.yaml deleted file mode 100644 index f47fe3c457..0000000000 --- a/resources/helm/overlays/wasm-extensions/values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -global: - proxy: - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - -wasmExtensions: - enabled: true - - cacher: - image: pilot diff --git a/resources/helm/v2.3/istio-control/istio-discovery/templates/clusterrole.yaml b/resources/helm/v2.3/istio-control/istio-discovery/templates/clusterrole.yaml index 0ab9f38eb2..b601369a48 100644 --- a/resources/helm/v2.3/istio-control/istio-discovery/templates/clusterrole.yaml +++ b/resources/helm/v2.3/istio-control/istio-discovery/templates/clusterrole.yaml @@ -114,9 +114,6 @@ rules: - apiGroups: ["route.openshift.io"] resources: ["routes", "routes/custom-host"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["maistra.io"] - resources: ["servicemeshextensions"] - verbs: ["get", "list", "watch"] # Allow use of blockOwnerDeletion in ownerReferences pointing to Pods (see OSSM-1321) - apiGroups: [""] resources: ["pods/finalizers"] diff --git a/resources/helm/v2.3/istio-control/istio-discovery/templates/validatingwebhookconfiguration.yaml b/resources/helm/v2.3/istio-control/istio-discovery/templates/validatingwebhookconfiguration.yaml index 9deb3cc1ca..b5b1a73510 100644 --- a/resources/helm/v2.3/istio-control/istio-discovery/templates/validatingwebhookconfiguration.yaml +++ b/resources/helm/v2.3/istio-control/istio-discovery/templates/validatingwebhookconfiguration.yaml @@ -39,15 +39,6 @@ webhooks: - "*" resources: - "*" - - operations: - - CREATE - - UPDATE - apiGroups: - - maistra.io - apiVersions: - - "*" - resources: - - "servicemeshextensions" - operations: - CREATE - UPDATE diff --git a/resources/helm/v2.3/wasm-extensions/Chart.yaml b/resources/helm/v2.3/wasm-extensions/Chart.yaml deleted file mode 100644 index 3ae45ef623..0000000000 --- a/resources/helm/v2.3/wasm-extensions/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -name: wasm-extensions -version: 2.0.0 -appVersion: 1.0.0 -tillerVersion: ">=2.7.2-0" -description: Helm chart for Maistra WASM Extensions -keywords: - - maistra - - wasm -sources: - - http://github.com/maistra/istio -engine: gotpl -icon: https://istio.io/favicons/android-192x192.png diff --git a/resources/helm/v2.3/wasm-extensions/templates/_helpers.tpl b/resources/helm/v2.3/wasm-extensions/templates/_helpers.tpl deleted file mode 100644 index 3f6288f368..0000000000 --- a/resources/helm/v2.3/wasm-extensions/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "wasm-extensions.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "wasm-extensions.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "wasm-extensions.chart" -}} -{{- .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/resources/helm/v2.3/wasm-extensions/templates/clusterrole.yaml b/resources/helm/v2.3/wasm-extensions/templates/clusterrole.yaml deleted file mode 100644 index 3dc1b29287..0000000000 --- a/resources/helm/v2.3/wasm-extensions/templates/clusterrole.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }}-{{ .Release.Namespace }} - labels: - maistra-version: "2.3.0" - release: {{ .Release.Name }} - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} -rules: -- apiGroups: - - maistra.io - resources: - - servicemeshextensions - - servicemeshextensions/status - - servicemeshextensions/finalizers - verbs: - - get - - list - - watch - - update -- apiGroups: - - maistra.io - resources: - - servicemeshmemberrolls - verbs: - - get - - list - - watch -- apiGroups: - - image.openshift.io - resources: - - imagestreams - - imagestreamimports - verbs: - - '*' diff --git a/resources/helm/v2.3/wasm-extensions/templates/clusterrolebinding.yaml b/resources/helm/v2.3/wasm-extensions/templates/clusterrolebinding.yaml deleted file mode 100644 index 561d391b49..0000000000 --- a/resources/helm/v2.3/wasm-extensions/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - maistra-version: "2.3.0" - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: wasm-cacher-{{ .Values.revision | default "default" }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: wasm-cacher-registry-viewer-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - maistra-version: "2.3.0" - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: registry-viewer -subjects: - - kind: ServiceAccount - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} diff --git a/resources/helm/v2.3/wasm-extensions/templates/deployment.yaml b/resources/helm/v2.3/wasm-extensions/templates/deployment.yaml deleted file mode 100644 index 46ec010d85..0000000000 --- a/resources/helm/v2.3/wasm-extensions/templates/deployment.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - maistra-version: "2.3.0" - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - template: - metadata: - labels: - maistra-control-plane: {{ .Release.Namespace }} - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - serviceAccountName: wasm-cacher-{{ .Values.revision | default "default" }} - containers: - - name: wasm-cacher - workingDir: "/" -{{- if contains "/" .Values.wasmExtensions.cacher.image }} - image: "{{ .Values.wasmExtensions.cacher.image }}" -{{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.wasmExtensions.cacher.image }}:{{ .Values.global.tag }}" -{{- end }} - imagePullPolicy: Always - command: - - mec - - --namespace - - {{ .Release.Namespace }} - - --baseURL - - http://wasm-cacher-{{ .Values.revision | default "default" }}.{{ .Release.Namespace }}.svc.cluster.local - resources: -{{- if .Values.wasmExtensions.cacher.resources }} -{{ toYaml .Values.wasmExtensions.cacher.resources | trim | indent 10 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 10 }} -{{- end }} - env: - - name: HOME - value: /podman - ports: - - containerPort: 8080 - volumeMounts: - - name: home - mountPath: /podman - - name: servedir - mountPath: /srv - - name: graph - mountPath: /var/lib/containers - volumes: - - name: home - emptyDir: {} - - name: servedir - emptyDir: {} - - name: graph - emptyDir: {} - dnsPolicy: ClusterFirst - restartPolicy: Always - securityContext: {} - terminationGracePeriodSeconds: 30 diff --git a/resources/helm/v2.3/wasm-extensions/templates/destinationrule.yaml b/resources/helm/v2.3/wasm-extensions/templates/destinationrule.yaml deleted file mode 100644 index c4e3097b0a..0000000000 --- a/resources/helm/v2.3/wasm-extensions/templates/destinationrule.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: DestinationRule -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - maistra-version: "2.3.0" - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - host: wasm-cacher-{{ .Values.revision | default "default" }}.{{ .Release.Namespace }}.svc.{{ .Values.global.proxy.clusterDomain }} - {{- if .Values.global.defaultConfigVisibilitySettings }} - exportTo: - - '*' - {{- end }} - trafficPolicy: - tls: - mode: DISABLE diff --git a/resources/helm/v2.3/wasm-extensions/templates/service.yaml b/resources/helm/v2.3/wasm-extensions/templates/service.yaml deleted file mode 100644 index b205298991..0000000000 --- a/resources/helm/v2.3/wasm-extensions/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - maistra-version: "2.3.0" - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - ports: - - port: 80 - targetPort: 8080 - name: http - selector: - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} diff --git a/resources/helm/v2.3/wasm-extensions/templates/serviceaccount.yaml b/resources/helm/v2.3/wasm-extensions/templates/serviceaccount.yaml deleted file mode 100644 index 0c5d19a6c5..0000000000 --- a/resources/helm/v2.3/wasm-extensions/templates/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: wasm-cacher-{{ .Values.revision | default "default" }} - namespace: {{ .Release.Namespace }} - labels: - maistra-version: "2.3.0" - app: wasm-cacher - istio.io/rev: {{ .Values.revision | default "default" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} diff --git a/resources/helm/v2.3/wasm-extensions/values.yaml b/resources/helm/v2.3/wasm-extensions/values.yaml deleted file mode 100644 index f47fe3c457..0000000000 --- a/resources/helm/v2.3/wasm-extensions/values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -global: - proxy: - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - -wasmExtensions: - enabled: true - - cacher: - image: pilot