81 lines
3.5 KiB
YAML
81 lines
3.5 KiB
YAML
|
{{- if not .Values.global.omitSidecarInjectorConfigMap }}
|
||
|
apiVersion: v1
|
||
|
kind: ConfigMap
|
||
|
metadata:
|
||
|
name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
|
||
|
namespace: {{ .Release.Namespace }}
|
||
|
labels:
|
||
|
istio.io/rev: {{ .Values.revision | default "default" | quote }}
|
||
|
install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
|
||
|
operator.istio.io/component: "Pilot"
|
||
|
release: {{ .Release.Name }}
|
||
|
data:
|
||
|
{{/* Scope the values to just top level fields used in the template, to reduce the size. */}}
|
||
|
values: |-
|
||
|
{{ $vals := pick .Values "global" "istio_cni" "sidecarInjectorWebhook" "revision" -}}
|
||
|
{{ $pilotVals := pick .Values.pilot "cni" -}}
|
||
|
{{ $vals = set $vals "pilot" $pilotVals -}}
|
||
|
{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}}
|
||
|
{{ $vals = set $vals "gateways" $gatewayVals -}}
|
||
|
{{ $vals | toPrettyJson | indent 4 }}
|
||
|
|
||
|
# To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching
|
||
|
# and istiod webhook functionality.
|
||
|
#
|
||
|
# New fields should not use Values - it is a 'primary' config object, users should be able
|
||
|
# to fine tune it or use it with kube-inject.
|
||
|
config: |-
|
||
|
# defaultTemplates defines the default template to use for pods that do not explicitly specify a template
|
||
|
{{- if .Values.sidecarInjectorWebhook.defaultTemplates }}
|
||
|
defaultTemplates:
|
||
|
{{- range .Values.sidecarInjectorWebhook.defaultTemplates}}
|
||
|
- {{ . }}
|
||
|
{{- end }}
|
||
|
{{- else }}
|
||
|
defaultTemplates: [sidecar]
|
||
|
{{- end }}
|
||
|
policy: {{ .Values.global.proxy.autoInject }}
|
||
|
alwaysInjectSelector:
|
||
|
{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }}
|
||
|
neverInjectSelector:
|
||
|
{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }}
|
||
|
injectedAnnotations:
|
||
|
{{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }}
|
||
|
"{{ $key }}": {{ $val | quote }}
|
||
|
{{- end }}
|
||
|
{{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template
|
||
|
which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined".
|
||
|
This should make it obvious that their installation is broken.
|
||
|
*/}}
|
||
|
template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }}
|
||
|
templates:
|
||
|
{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }}
|
||
|
sidecar: |
|
||
|
{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }}
|
||
|
gateway: |
|
||
|
{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }}
|
||
|
grpc-simple: |
|
||
|
{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }}
|
||
|
grpc-agent: |
|
||
|
{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }}
|
||
|
waypoint: |
|
||
|
{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }}
|
||
|
kube-gateway: |
|
||
|
{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.sidecarInjectorWebhook.templates }}
|
||
|
{{ toYaml . | trim | indent 6 }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- end }}
|