From ff42a6ac2c226ff131cf6ab0a464b82b41ff23b9 Mon Sep 17 00:00:00 2001 From: Daniel Grimm Date: Mon, 14 Nov 2022 16:41:19 +0000 Subject: [PATCH] Allow to set ConfigMap name for istio-ca-root-cert Co-authored-by: Daniel Grimm Signed-off-by: Yann Liu --- .../gateways/istio-egress/templates/deployment.yaml | 2 +- manifests/charts/gateways/istio-egress/values.yaml | 3 +++ .../gateways/istio-ingress/templates/deployment.yaml | 2 +- manifests/charts/gateways/istio-ingress/values.yaml | 3 +++ .../files/gateway-injection-template.yaml | 2 +- .../istio-discovery/files/grpc-agent.yaml | 2 +- .../istio-discovery/files/injection-template.yaml | 2 +- .../istio-discovery/files/kube-gateway.yaml | 2 +- .../istio-control/istio-discovery/files/waypoint.yaml | 2 +- .../istio-discovery/templates/deployment.yaml | 2 +- .../charts/istio-control/istio-discovery/values.yaml | 3 +++ .../files/gateway-injection-template.yaml | 2 +- .../charts/istiod-remote/files/injection-template.yaml | 2 +- manifests/charts/istiod-remote/values.yaml | 2 ++ manifests/charts/ztunnel/templates/daemonset.yaml | 2 +- manifests/charts/ztunnel/values.yaml | 3 +++ .../config/kube/gateway/deploymentcontroller_test.go | 5 +++-- pilot/pkg/features/pilot.go | 3 +++ .../kube/controller/namespacecontroller.go | 6 +++--- .../inputs/custom-template.yaml.40.template.gen.yaml | 10 +++++----- .../inputs/custom-template.yaml.40.values.gen.yaml | 1 + .../inject/testdata/inputs/default.template.gen.yaml | 10 +++++----- .../inject/testdata/inputs/default.values.gen.yaml | 1 + .../inputs/enable-core-dump.yaml.5.template.gen.yaml | 10 +++++----- .../inputs/enable-core-dump.yaml.5.values.gen.yaml | 1 + ...isting-cncf-networks-json.yaml.16.template.gen.yaml | 10 +++++----- ...existing-cncf-networks-json.yaml.16.values.gen.yaml | 1 + ...lo-existing-cncf-networks.yaml.15.template.gen.yaml | 10 +++++----- ...ello-existing-cncf-networks.yaml.15.values.gen.yaml | 1 + .../hello-image-pull-secret.yaml.11.template.gen.yaml | 10 +++++----- .../hello-image-pull-secret.yaml.11.values.gen.yaml | 1 + ...ldApplication-ProxyConfig.yaml.20.template.gen.yaml | 10 +++++----- ...HoldApplication-ProxyConfig.yaml.20.values.gen.yaml | 1 + .../inputs/hello-probes.yaml.18.template.gen.yaml | 10 +++++----- .../inputs/hello-probes.yaml.18.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.0.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.0.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.1.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.1.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.10.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.10.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.12.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.12.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.13.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.13.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.14.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.14.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.17.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.17.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.3.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.3.values.gen.yaml | 1 + .../testdata/inputs/hello.yaml.4.template.gen.yaml | 10 +++++----- .../testdata/inputs/hello.yaml.4.values.gen.yaml | 1 + .../inputs/kubevirtInterfaces.yaml.9.template.gen.yaml | 10 +++++----- .../inputs/kubevirtInterfaces.yaml.9.values.gen.yaml | 1 + .../inputs/merge-probers.yaml.43.template.gen.yaml | 10 +++++----- .../inputs/merge-probers.yaml.43.values.gen.yaml | 1 + .../inputs/status_params.yaml.8.template.gen.yaml | 10 +++++----- .../inputs/status_params.yaml.8.values.gen.yaml | 1 + .../inputs/traffic-params.yaml.7.template.gen.yaml | 10 +++++----- .../inputs/traffic-params.yaml.7.values.gen.yaml | 1 + 61 files changed, 160 insertions(+), 121 deletions(-) diff --git a/manifests/charts/gateways/istio-egress/templates/deployment.yaml b/manifests/charts/gateways/istio-egress/templates/deployment.yaml index 1bdaa8e1551..5eb70cd57c0 100644 --- a/manifests/charts/gateways/istio-egress/templates/deployment.yaml +++ b/manifests/charts/gateways/istio-egress/templates/deployment.yaml @@ -285,7 +285,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} - name: podinfo downwardAPI: diff --git a/manifests/charts/gateways/istio-egress/values.yaml b/manifests/charts/gateways/istio-egress/values.yaml index 05f7f512ba3..d8d9e911cbc 100644 --- a/manifests/charts/gateways/istio-egress/values.yaml +++ b/manifests/charts/gateways/istio-egress/values.yaml @@ -214,6 +214,9 @@ global: # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. caAddress: "" + # The name of the ConfigMap that stores the CA Root Certificate + caCertConfigMapName: "istio-ca-root-cert" + # Used to locate istiod. istioNamespace: istio-system diff --git a/manifests/charts/gateways/istio-ingress/templates/deployment.yaml b/manifests/charts/gateways/istio-ingress/templates/deployment.yaml index 081a6d1f57d..0f0e87ff652 100644 --- a/manifests/charts/gateways/istio-ingress/templates/deployment.yaml +++ b/manifests/charts/gateways/istio-ingress/templates/deployment.yaml @@ -285,7 +285,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} - name: podinfo downwardAPI: diff --git a/manifests/charts/gateways/istio-ingress/values.yaml b/manifests/charts/gateways/istio-ingress/values.yaml index 14f3847d7ae..c8cb75c1e5a 100644 --- a/manifests/charts/gateways/istio-ingress/values.yaml +++ b/manifests/charts/gateways/istio-ingress/values.yaml @@ -231,6 +231,9 @@ global: # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. caAddress: "" + # The name of the ConfigMap that stores the CA Root Certificate + caCertConfigMapName: "istio-ca-root-cert" + # Used to locate istiod. istioNamespace: istio-system diff --git a/manifests/charts/istio-control/istio-discovery/files/gateway-injection-template.yaml b/manifests/charts/istio-control/istio-discovery/files/gateway-injection-template.yaml index 962c918bfec..27f3624f220 100644 --- a/manifests/charts/istio-control/istio-discovery/files/gateway-injection-template.yaml +++ b/manifests/charts/istio-control/istio-discovery/files/gateway-injection-template.yaml @@ -231,7 +231,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. diff --git a/manifests/charts/istio-control/istio-discovery/files/grpc-agent.yaml b/manifests/charts/istio-control/istio-discovery/files/grpc-agent.yaml index eb179b374de..6dfc836aa02 100644 --- a/manifests/charts/istio-control/istio-discovery/files/grpc-agent.yaml +++ b/manifests/charts/istio-control/istio-discovery/files/grpc-agent.yaml @@ -289,7 +289,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. diff --git a/manifests/charts/istio-control/istio-discovery/files/injection-template.yaml b/manifests/charts/istio-control/istio-discovery/files/injection-template.yaml index 6a59fb937fa..d1c1ae216ec 100644 --- a/manifests/charts/istio-control/istio-discovery/files/injection-template.yaml +++ b/manifests/charts/istio-control/istio-discovery/files/injection-template.yaml @@ -497,7 +497,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert diff --git a/manifests/charts/istio-control/istio-discovery/files/kube-gateway.yaml b/manifests/charts/istio-control/istio-discovery/files/kube-gateway.yaml index 864399c2389..cb350b1b1ca 100644 --- a/manifests/charts/istio-control/istio-discovery/files/kube-gateway.yaml +++ b/manifests/charts/istio-control/istio-discovery/files/kube-gateway.yaml @@ -264,7 +264,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/manifests/charts/istio-control/istio-discovery/files/waypoint.yaml b/manifests/charts/istio-control/istio-discovery/files/waypoint.yaml index 67a2af61893..919b79cd094 100644 --- a/manifests/charts/istio-control/istio-discovery/files/waypoint.yaml +++ b/manifests/charts/istio-control/istio-discovery/files/waypoint.yaml @@ -228,7 +228,7 @@ spec: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml b/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml index 7b3b7e72109..5a14a95a723 100644 --- a/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml +++ b/manifests/charts/istio-control/istio-discovery/templates/deployment.yaml @@ -254,7 +254,7 @@ spec: optional: true - name: istio-csr-ca-configmap configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} defaultMode: 420 optional: true {{- if .Values.pilot.jwksResolverExtraRootCA }} diff --git a/manifests/charts/istio-control/istio-discovery/values.yaml b/manifests/charts/istio-control/istio-discovery/values.yaml index 65e9d34b361..23f26d7da8c 100644 --- a/manifests/charts/istio-control/istio-discovery/values.yaml +++ b/manifests/charts/istio-control/istio-discovery/values.yaml @@ -393,6 +393,9 @@ global: # If not set explicitly, default to the Istio discovery address. caAddress: "" + # The name of the ConfigMap that stores the CA Root Certificate + caCertConfigMapName: "istio-ca-root-cert" + # Configure a remote cluster data plane controlled by an external istiod. # When set to true, istiod is not deployed locally and only a subset of the other # discovery charts are enabled. diff --git a/manifests/charts/istiod-remote/files/gateway-injection-template.yaml b/manifests/charts/istiod-remote/files/gateway-injection-template.yaml index 962c918bfec..27f3624f220 100644 --- a/manifests/charts/istiod-remote/files/gateway-injection-template.yaml +++ b/manifests/charts/istiod-remote/files/gateway-injection-template.yaml @@ -231,7 +231,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. diff --git a/manifests/charts/istiod-remote/files/injection-template.yaml b/manifests/charts/istiod-remote/files/injection-template.yaml index 6a59fb937fa..d1c1ae216ec 100644 --- a/manifests/charts/istiod-remote/files/injection-template.yaml +++ b/manifests/charts/istiod-remote/files/injection-template.yaml @@ -497,7 +497,7 @@ spec: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert diff --git a/manifests/charts/istiod-remote/values.yaml b/manifests/charts/istiod-remote/values.yaml index 386a02583f4..0f1fdb77d1a 100644 --- a/manifests/charts/istiod-remote/values.yaml +++ b/manifests/charts/istiod-remote/values.yaml @@ -332,6 +332,8 @@ global: # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. # If not set explicitly, default to the Istio discovery address. caAddress: "" + # The name of the ConfigMap that stores the CA Root Certificate + caCertConfigMapName: "istio-ca-root-cert" # Configure a remote cluster data plane controlled by an external istiod. # When set to true, istiod is not deployed locally and only a subset of the other # discovery charts are enabled. diff --git a/manifests/charts/ztunnel/templates/daemonset.yaml b/manifests/charts/ztunnel/templates/daemonset.yaml index c30ee32ca7b..79e73f151b3 100644 --- a/manifests/charts/ztunnel/templates/daemonset.yaml +++ b/manifests/charts/ztunnel/templates/daemonset.yaml @@ -136,7 +136,7 @@ spec: audience: istio-ca - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- with .Values.volumes }} {{- toYaml . | nindent 6}} {{- end }} \ No newline at end of file diff --git a/manifests/charts/ztunnel/values.yaml b/manifests/charts/ztunnel/values.yaml index 20c478379a9..8976323f7b3 100644 --- a/manifests/charts/ztunnel/values.yaml +++ b/manifests/charts/ztunnel/values.yaml @@ -56,6 +56,9 @@ multiCluster: meshConfig: defaultConfig: proxyMetadata: {} +global: + # The name of the ConfigMap that stores the CA Root Certificate + caCertConfigMapName: "istio-ca-root-cert" # Ambient redirection mode: "iptables" or "ebpf" redirectMode: "iptables" diff --git a/pilot/pkg/config/kube/gateway/deploymentcontroller_test.go b/pilot/pkg/config/kube/gateway/deploymentcontroller_test.go index 9b2056b0a32..d4cab9f7ed6 100644 --- a/pilot/pkg/config/kube/gateway/deploymentcontroller_test.go +++ b/pilot/pkg/config/kube/gateway/deploymentcontroller_test.go @@ -361,10 +361,11 @@ func TestVersionManagement(t *testing.T) { } func testInjectionConfig(t test.Failer) func() inject.WebhookConfig { - vc, err := inject.NewValuesConfig(` + vc, err := inject.NewValuesConfig(fmt.Sprintf(` global: hub: test - tag: test`) + tag: test + caCertConfigMapName: %s`, features.CACertConfigMapName)) if err != nil { t.Fatal(err) } diff --git a/pilot/pkg/features/pilot.go b/pilot/pkg/features/pilot.go index 41fa6993226..9e47d0fbde6 100644 --- a/pilot/pkg/features/pilot.go +++ b/pilot/pkg/features/pilot.go @@ -723,6 +723,9 @@ var ( EnableGatewayControllerMode = env.Register("PILOT_ENABLE_GATEWAY_CONTROLLER_MODE", false, "If enabled, istiod will watch Gateway API and k8s resources in every namespace, but Istio resources will be limited to "+ "namespaces that match the meshConfig.discoverySelectors").Get() + + CACertConfigMapName = env.RegisterStringVar("PILOT_CA_CERT_CONFIG_MAP_NAME", "istio-ca-root-cert", + "Name of the ConfigMap that stores the CA Root Certificate.").Get() ) // UnsafeFeaturesEnabled returns true if any unsafe features are enabled. diff --git a/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go b/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go index c15f9ad0aec..4cb46548b13 100644 --- a/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go +++ b/pilot/pkg/serviceregistry/kube/controller/namespacecontroller.go @@ -34,9 +34,6 @@ import ( ) const ( - // CACertNamespaceConfigMap is the name of the ConfigMap in each namespace storing the root cert of non-Kube CA. - CACertNamespaceConfigMap = "istio-ca-root-cert" - // maxRetries is the number of times a namespace will be retried before it is dropped out of the queue. // With the current rate-limiter in use (5ms*2^(maxRetries-1)) the following numbers represent the // sequence of delays between successive queuing of a namespace. @@ -45,6 +42,9 @@ const ( maxRetries = 5 ) +// CACertNamespaceConfigMap is the name of the ConfigMap in each namespace storing the root cert of non-Kube CA. +var CACertNamespaceConfigMap = features.CACertConfigMapName + var configMapLabel = map[string]string{"istio.io/config": "true"} // NamespaceController manages reconciles a configmap in each namespace with a desired set of data. diff --git a/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.template.gen.yaml b/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.template.gen.yaml index 05b7c4adee6..0001da276c7 100644 --- a/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.values.gen.yaml b/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.values.gen.yaml index c1f62d507f8..35f226dd529 100644 --- a/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/custom-template.yaml.40.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/default.template.gen.yaml b/pkg/kube/inject/testdata/inputs/default.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/default.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/default.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/default.values.gen.yaml b/pkg/kube/inject/testdata/inputs/default.values.gen.yaml index 3faceed6fdd..8028a31c911 100644 --- a/pkg/kube/inject/testdata/inputs/default.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/default.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.template.gen.yaml b/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.values.gen.yaml b/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.values.gen.yaml index 845b1f3cdff..a3857c78a47 100644 --- a/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/enable-core-dump.yaml.5.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.values.gen.yaml index 14e16da9708..4b8defd9486 100644 --- a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks-json.yaml.16.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.values.gen.yaml index 14e16da9708..4b8defd9486 100644 --- a/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-existing-cncf-networks.yaml.15.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.values.gen.yaml index eecaba22b5b..c1e1497dd62 100644 --- a/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-image-pull-secret.yaml.11.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.values.gen.yaml index a3e8cd88c76..2c439ebf458 100644 --- a/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-probes-noProxyHoldApplication-ProxyConfig.yaml.20.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.values.gen.yaml index a3e8cd88c76..2c439ebf458 100644 --- a/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello-probes.yaml.18.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.0.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.0.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.0.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.0.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.0.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.0.values.gen.yaml index 11a20fb9afe..c3bade3a0db 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.0.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.0.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.1.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.1.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.1.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.1.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.1.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.1.values.gen.yaml index 72e40dcbf1d..92a904723dd 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.1.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.1.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.10.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.10.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.10.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.10.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.10.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.10.values.gen.yaml index eecaba22b5b..c1e1497dd62 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.10.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.10.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.12.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.12.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.12.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.12.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.12.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.12.values.gen.yaml index 3135da1caf3..82cef85920e 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.12.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.12.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.13.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.13.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.13.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.13.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.13.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.13.values.gen.yaml index af7ec28be8c..1170b3b7059 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.13.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.13.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.14.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.14.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.14.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.14.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.14.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.14.values.gen.yaml index 14e16da9708..4b8defd9486 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.14.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.14.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.17.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.17.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.17.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.17.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.17.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.17.values.gen.yaml index a3e8cd88c76..2c439ebf458 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.17.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.17.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.3.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.3.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.3.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.3.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.3.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.3.values.gen.yaml index 0dc46f74ebe..212208c501c 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.3.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.3.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.4.template.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.4.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.4.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.4.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/hello.yaml.4.values.gen.yaml b/pkg/kube/inject/testdata/inputs/hello.yaml.4.values.gen.yaml index e699e6250a8..77484a09464 100644 --- a/pkg/kube/inject/testdata/inputs/hello.yaml.4.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/hello.yaml.4.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.template.gen.yaml b/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.values.gen.yaml b/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.values.gen.yaml index 3d3b1b1a146..88641aa8b1d 100644 --- a/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/kubevirtInterfaces.yaml.9.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.template.gen.yaml b/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.values.gen.yaml b/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.values.gen.yaml index a3e8cd88c76..2c439ebf458 100644 --- a/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/merge-probers.yaml.43.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/status_params.yaml.8.template.gen.yaml b/pkg/kube/inject/testdata/inputs/status_params.yaml.8.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/status_params.yaml.8.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/status_params.yaml.8.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/status_params.yaml.8.values.gen.yaml b/pkg/kube/inject/testdata/inputs/status_params.yaml.8.values.gen.yaml index 3d3b1b1a146..88641aa8b1d 100644 --- a/pkg/kube/inject/testdata/inputs/status_params.yaml.8.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/status_params.yaml.8.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false, diff --git a/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.template.gen.yaml b/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.template.gen.yaml index b4d8f30c489..4acd8b3f772 100644 --- a/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.template.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.template.gen.yaml @@ -508,7 +508,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if eq .Values.global.pilotCertProvider "kubernetes" }} - name: kube-ca-cert @@ -778,7 +778,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1155,7 +1155,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.mountMtlsCerts }} # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. @@ -1411,7 +1411,7 @@ templates: expirationSeconds: 43200 path: istio-token - configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} name: istiod-ca-cert {{- if .Values.global.imagePullSecrets }} imagePullSecrets: @@ -1716,7 +1716,7 @@ templates: {{- if eq .Values.global.pilotCertProvider "istiod" }} - name: istiod-ca-cert configMap: - name: istio-ca-root-cert + name: {{ .Values.global.caCertConfigMapName }} {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: diff --git a/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.values.gen.yaml b/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.values.gen.yaml index 0cf0547f806..33ee9b9cdff 100644 --- a/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.values.gen.yaml +++ b/pkg/kube/inject/testdata/inputs/traffic-params.yaml.7.values.gen.yaml @@ -2,6 +2,7 @@ "global": { "autoscalingv2API": true, "caAddress": "", + "caCertConfigMapName": "istio-ca-root-cert", "caName": "", "certSigners": [], "configCluster": false,