From 6114405a42985b1dfdabc726c573caa33c05b8c4 Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Tue, 12 Aug 2025 00:52:04 +0000 Subject: [PATCH 1/2] chore(chart-deps): update kiali-operator to version 2.14.0 --- apps.yaml | 4 ++-- chart/chart-index/Chart.yaml | 2 +- charts/kiali-operator/Chart.yaml | 4 ++-- charts/kiali-operator/templates/NOTES.txt | 11 +++++++++++ charts/kiali-operator/templates/_helpers.tpl | 15 +++++++++++++++ charts/kiali-operator/templates/clusterrole.yaml | 3 +++ .../templates/clusterrolebinding.yaml | 2 ++ .../kiali-operator/templates/serviceaccount.yaml | 2 ++ charts/kiali-operator/values.yaml | 15 ++++++++++++++- 9 files changed, 52 insertions(+), 6 deletions(-) diff --git a/apps.yaml b/apps.yaml index c33fe1efe2..17203fbe56 100644 --- a/apps.yaml +++ b/apps.yaml @@ -132,7 +132,7 @@ appsInfo: integration: APL integrated ingress-nginx into an advanced ingress architecture. istio: title: Istio - appVersion: 1.26.1 + appVersion: 1.27.0 repo: https://github.com/istio/istio maintainers: Istio relatedLinks: @@ -171,7 +171,7 @@ appsInfo: integration: The SSO login page for APL is served by Keycloak. Keycloak is used as an identity broker or provider for all APL integrated applications. By default Keycloak is configured as an Identity Broker. Keycloak is part of the core of APL and is always enabled. kiali: title: Kiali Operator - appVersion: 2.10.0 + appVersion: 2.14.0 repo: https://github.com/kiali/kiali maintainers: Kiali relatedLinks: diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index 1e1c4588e6..0f1e726d3d 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -50,7 +50,7 @@ dependencies: version: 24.7.1 repository: https://charts.bitnami.com/bitnami - name: kiali-operator - version: 2.10.0 + version: 2.14.0 repository: https://kiali.org/helm-charts - name: knative-operator version: v1.18.1 diff --git a/charts/kiali-operator/Chart.yaml b/charts/kiali-operator/Chart.yaml index c1f65e8fc1..272a0940bd 100644 --- a/charts/kiali-operator/Chart.yaml +++ b/charts/kiali-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v2.10.0 +appVersion: v2.14.0 description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. home: https://github.com/kiali/kiali-operator @@ -17,4 +17,4 @@ sources: - https://github.com/kiali/kiali - https://github.com/kiali/kiali-operator - https://github.com/kiali/helm-charts -version: 2.10.0 +version: 2.14.0 diff --git a/charts/kiali-operator/templates/NOTES.txt b/charts/kiali-operator/templates/NOTES.txt index 4f22052b24..9924e45ccd 100644 --- a/charts/kiali-operator/templates/NOTES.txt +++ b/charts/kiali-operator/templates/NOTES.txt @@ -1,6 +1,17 @@ Welcome to Kiali! For more details on Kiali, see: https://kiali.io +{{- if .Values.skipResources }} +The Kiali Operator [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. +=============== +!!! WARNING !!! +=============== +You have configured the "skipResources" setting. This helm chart will not create or manage those resources. +It is your responsibility to manually create those resources yourself. Until you create those +resources with their correct configurations, the operator WILL NOT work. +{{- else }} The Kiali Operator [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. +{{- end }} +=============== {{- if .Values.cr.create }} {{- if or (and (not .Values.watchNamespace) (not .Values.cr.namespace)) (and (.Values.watchNamespace) (eq .Values.watchNamespace .Release.Namespace)) (and (.Values.cr.namespace) (eq .Values.cr.namespace .Release.Namespace)) }} diff --git a/charts/kiali-operator/templates/_helpers.tpl b/charts/kiali-operator/templates/_helpers.tpl index 85480f15d6..6f3b2341ca 100644 --- a/charts/kiali-operator/templates/_helpers.tpl +++ b/charts/kiali-operator/templates/_helpers.tpl @@ -56,3 +56,18 @@ app.kubernetes.io/name: {{ include "kiali-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Returns true if the given resource kind is in .Values.skipResources +This aborts if .Values.skipResources has invalid values. +*/}} +{{- define "kiali-operator.isSkippedResource" -}} + {{- $validSkipResources := dict "clusterrole" true "clusterrolebinding" true "sa" true }} + {{- $ctx := .ctx }} + {{- $name := .name }} + {{- range $i, $item := $ctx.Values.skipResources }} + {{- if not (hasKey $validSkipResources $item) }} + {{- fail (printf "Aborting due to an invalid entry [%q] in skipResources: %q. Valid list item values are: %q" $item $ctx.Values.skipResources (keys $validSkipResources)) }} + {{- end }} + {{- end }} + {{- has $name $ctx.Values.skipResources }} +{{- end }} diff --git a/charts/kiali-operator/templates/clusterrole.yaml b/charts/kiali-operator/templates/clusterrole.yaml index 420483f14a..a2c7cde8ec 100644 --- a/charts/kiali-operator/templates/clusterrole.yaml +++ b/charts/kiali-operator/templates/clusterrole.yaml @@ -1,3 +1,4 @@ +{{- if eq "false" (include "kiali-operator.isSkippedResource" (dict "ctx" . "name" "clusterrole")) -}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -275,6 +276,7 @@ rules: - extensions.istio.io - telemetry.istio.io - gateway.networking.k8s.io + - inference.networking.x-k8s.io resources: ["*"] verbs: - get @@ -318,3 +320,4 @@ rules: - list - watch ... +{{- end -}} diff --git a/charts/kiali-operator/templates/clusterrolebinding.yaml b/charts/kiali-operator/templates/clusterrolebinding.yaml index 747939bbd0..ab97aca1d8 100644 --- a/charts/kiali-operator/templates/clusterrolebinding.yaml +++ b/charts/kiali-operator/templates/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{- if eq "false" (include "kiali-operator.isSkippedResource" (dict "ctx" . "name" "clusterrolebinding")) -}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -14,3 +15,4 @@ roleRef: name: {{ include "kiali-operator.fullname" . }} apiGroup: rbac.authorization.k8s.io ... +{{- end -}} diff --git a/charts/kiali-operator/templates/serviceaccount.yaml b/charts/kiali-operator/templates/serviceaccount.yaml index 64e8238eea..9b3cf34c1e 100644 --- a/charts/kiali-operator/templates/serviceaccount.yaml +++ b/charts/kiali-operator/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{- if eq "false" (include "kiali-operator.isSkippedResource" (dict "ctx" . "name" "sa")) -}} --- apiVersion: v1 kind: ServiceAccount @@ -13,3 +14,4 @@ imagePullSecrets: {{- end }} {{- end }} ... +{{- end -}} diff --git a/charts/kiali-operator/values.yaml b/charts/kiali-operator/values.yaml index 678deed6c3..96d1a29597 100644 --- a/charts/kiali-operator/values.yaml +++ b/charts/kiali-operator/values.yaml @@ -3,7 +3,7 @@ fullnameOverride: "" image: # see: https://quay.io/repository/kiali/kiali-operator?tab=tags repo: quay.io/kiali/kiali-operator # quay.io/kiali/kiali-operator - tag: v2.10.0 # version string like v1.39.0 or a digest hash + tag: v2.14.0 # version string like v1.39.0 or a digest hash digest: "" # use "sha256" if tag is a sha256 hash (do NOT prefix this value with a "@") pullPolicy: Always pullSecrets: [] @@ -24,6 +24,19 @@ replicaCount: 1 priorityClassName: "" securityContext: {} +# This helm chart will create Kubernetes resources such as cluster roles, cluster role bindings, and service accounts. +# For very rare use-cases, users may want to manage some of these resources manually, outside +# of this helm chart. In cases like this, you can inform this helm chart to skip the creation of +# those resources that you want to manage yourself. +# For example, if you want to manage cluster roles and cluster role bindings yourself, but you still want this helm +# chart to create service accounts, set the value of "skipResources" to an array +# value of ["clusterrole", "clusterrolebinding"]. +# If you use this feature, you must be aware that you then bear the responsibility of +# creating these resources yourself manually; if you do not then the installation +# will be broken. Therefore, only use this feature if you know what you are doing. +# Valid list item values are: "clusterrole", "clusterrolebinding", "sa" +skipResources: [] + # metrics.enabled: set to true if you want Prometheus to collect metrics from the operator metrics: enabled: true From 8c1f5f452bf738e09cb4555a68003e74721a2f45 Mon Sep 17 00:00:00 2001 From: merll Date: Thu, 28 Aug 2025 16:46:57 +0200 Subject: [PATCH 2/2] Update apps.yaml --- apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps.yaml b/apps.yaml index f92d3b0580..878ca53165 100644 --- a/apps.yaml +++ b/apps.yaml @@ -132,7 +132,7 @@ appsInfo: integration: APL integrated ingress-nginx into an advanced ingress architecture. istio: title: Istio - appVersion: 1.27.0 + appVersion: 1.26.1 repo: https://github.com/istio/istio maintainers: Istio relatedLinks: