basic ztunnel support for revision (istio#46421)

* add basic support for configuring xds and ca addresses in ztunnel when a revision is used Signed-off-by: ilrudie <[email protected]> * update translation to ensure top-level k/v pairs are not being stripped during flatten operation Signed-off-by: ilrudie <[email protected]> * adding release note Signed-off-by: ilrudie <[email protected]> --------- Signed-off-by: ilrudie <[email protected]>
fatedier · Aug 22, 2023 · a29d5c9 · a29d5c9
1 parent 153f28e
commit a29d5c9
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 0 deletions.
diff --git a/manifests/charts/ztunnel/templates/daemonset.yaml b/manifests/charts/ztunnel/templates/daemonset.yaml
@@ -75,6 +75,14 @@ spec:
  - proxy
  - ztunnel
  env:
+ - name: CA_ADDRESS
+ {{- if .Values.caAddress }}
+ value: {{ .Values.caAddress }}
+ {{- else }}
+ value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012
+ {{- end }}
+ - name: XDS_ADDRESS
+ value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012
  - name: CLUSTER_ID
  value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }}
  - name: POD_NAME

diff --git a/manifests/charts/ztunnel/values.yaml b/manifests/charts/ztunnel/values.yaml
@@ -65,3 +65,13 @@ redirectMode: "iptables"
 # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec)
 # Default K8S value is 30 seconds
 terminationGracePeriodSeconds: 30
+
+# Revision is set as 'version' label and part of the resource names when installing multiple control planes.
+revision: ""
+
+# The customized CA address to retrieve certificates for the pods in the cluster.
+# CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint.
+caAddress: ""
+
+# Used to locate istiod.
+istioNamespace: istio-system
diff --git a/operator/pkg/translate/translate.go b/operator/pkg/translate/translate.go
@@ -603,6 +603,13 @@ func (t *Translator) TranslateHelmValues(iop *v1alpha1.IstioOperatorSpec, compon
  return "", fmt.Errorf("component value isn't a map")
  }
  finalVals := map[string]any{}
+ // strip out anything from the original apiVals which are a map[string]any but populate other top-level fields
+ for k, v := range apiVals {
+ _, isMap := v.(map[string]any)
+ if !isMap {
+ finalVals[k] = v
+ }
+ }
  for k, v := range globals {
  finalVals[k] = v
  }

diff --git a/releasenotes/notes/46421.yaml b/releasenotes/notes/46421.yaml
@@ -0,0 +1,8 @@
+apiVersion: release-notes/v2
+kind: feature
+area: installation
+issue:
+ - 46421
+releaseNotes:
+ - |
+ **Added** basic ztunnel support for revisions when installing with istioctl.