Citadel standalone

[sdake]

No description provided.

[googlebot]

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this state. It's up to you to confirm consent of the commit author(s) and merge this pull request when appropriate.

[istio-testing]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: greghanson

Assign the PR to them by writing /assign @greghanson in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• install/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[googlebot]

CLAs look good, thanks!

[sdake]

Reviewers,

This is the standalone citadel template merged into the main helm chart. I don't know if we want this sort of work prior to 0.8, however, I've submitted on the 0.8 branch as master is blocked.

[sdake]

this part may not be correct.

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (release-0.8@977e942). Click here to learn what that means.
The diff coverage is n/a.

@@              Coverage Diff              @@
##             release-0.8   #5292   +/-   ##
=============================================
  Coverage               ?     74%           
=============================================
  Files                  ?     323           
  Lines                  ?   27231           
  Branches               ?       0           
=============================================
  Hits                   ?   19973           
  Misses                 ?    6473           
  Partials               ?     785

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 977e942...92bb2b2. Read the comment docs.

[istio-testing]

@sdake: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
prow/istio-unit-tests.sh	92bb2b2	link	/test istio-unit-tests
prow/e2e-simpleTests.sh	92bb2b2	link	/test e2e-simple
prow/istio-pilot-e2e-envoyv2-v1alpha3.sh	92bb2b2	link	/test istio-pilot-e2e-envoyv2-v1alpha3
prow/istio-pilot-e2e.sh	92bb2b2	link	/test istio-pilot-e2e
prow/e2e-bookInfoTests-v1alpha3.sh	92bb2b2	link	/test e2e-bookInfo-envoyv2-v1alpha3

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[myidpt]

Thanks, Steven.
I believe our current istio-citadel-standalone.yaml.tmpl generates istio-citadel-standalone.yaml for V0.8. Your PR changes the generation to using helm.

[myidpt]

How about using standalone_citadel as a tag? Then you don't need to explicitly set integrated_citadel tags here.

[sdake]

I'm not convinced this PR works for the non-standalone case - need a bit of help from @jascott1.

Unfortunately standalone_citadel, while making more logical sense, is not viable with the way Helm works. The way tags and conditions are processed is covered here: https://github.com/kubernetes/helm/blob/master/docs/charts.md#tags-and-condition-fields-in-requirementsyaml

In short here is my parsing of how conditions/tags work (or don't work) together:
If subchart.condition == undefined
if tag == true
include subchart

There is no way to have the opposite logic:

if subchart.condition == undefined
if tag = true (on the security)
include all charts that are not security

@jascott1 can you weigh in here is this PR correct, or is there a way to specify "standalone_citadel".

I get the impression condition/tags are half-baked after reading the docs, and need some more time in the oven ;-)

[myidpt]

BTW, I saw the newly generated file istio-citadel-standalone.yaml does have the ConfigMap, we can avoid it because it's not used.

[sdake]

/hold

[istio-testing]

@sdake: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[sdake]

ping leaving open for 1.1 progress.

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[sdake]

stalebot ignore