Istio 1.4.300

charts/rancher-istio/1.4.3/questions.yaml

 labels:
   rancher.istio.v1.4.3: 1.4.3
 rancher_min_version: 2.3.4-rc1
+rancher_max_version: 2.3.4-rc1

charts/rancher-istio/1.4.300/Chart.yaml

@@ -14,4 +14,4 @@ name: rancher-istio
 sources:
 - http://github.com/istio/istio
 tillerVersion: '>=2.7.2-0'
-version: 1.4.3
+version: 1.4.300

charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml

@@ -35,7 +35,11 @@ spec:
 {{- end }}
       containers:
       - name: certmanager
-        image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}"
+        {{- if .Values.global.systemDefaultRegistry }}
+        image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        {{- else }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        {{- end }}
         imagePullPolicy: {{ .Values.global.imagePullPolicy }}
         args:
         - --cluster-resource-namespace=$(POD_NAMESPACE)

charts/rancher-istio/1.4.300/charts/certmanager/values.yaml

@@ -5,9 +5,6 @@
 # restart, DestinationRules can be created using the ACME-signed certificates.
 enabled: false
 replicaCount: 1
-hub: quay.io/jetstack
-image: cert-manager-controller
-tag: v0.8.1
 resources: {}
 nodeSelector: {}
 tolerations: []

charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml

@@ -38,11 +38,7 @@ spec:
 {{- end }}
       containers:
         - name: galley
-{{- if contains "/" .Values.image }}
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           ports:
           - containerPort: 443

charts/rancher-istio/1.4.300/charts/galley/values.yaml

@@ -5,7 +5,6 @@ enabled: true
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: galley
 nodeSelector: {}
 tolerations: []
 podAnnotations: {}

charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml

@@ -44,7 +44,7 @@ spec:
 {{- if $.Values.global.proxy.enableCoreDump }}
       initContainers:
         - name: enable-core-dump
-          image: {{ $.Values.global.proxy.enableCoreDumpImage }}
+          image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}"
           imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
           command:
             - /bin/sh
@@ -58,11 +58,7 @@ spec:
 {{- if $spec.sds }}
 {{- if $spec.sds.enabled }}
         - name: ingress-sds
-{{- if contains "/" $spec.sds.image }}
-          image: "{{ $spec.sds.image }}"
-{{- else }}
-          image: "{{ $.Values.global.hub }}/{{ $spec.sds.image }}:{{ $.Values.global.tag }}"
-{{- end }}
+          image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
           imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
           resources:
 {{- if $spec.sds.resources }}
@@ -86,11 +82,7 @@ spec:
 {{- end }}
 {{- end }}
         - name: istio-proxy
-{{- if contains "/" $.Values.global.proxy.image }}
-          image: "{{ $.Values.global.proxy.image }}"
-{{- else }}
-          image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}"
-{{- end }}
+          image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}"
           imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
           ports:
             {{- range $key, $val := $spec.ports }}

charts/rancher-istio/1.4.300/charts/gateways/values.yaml

@@ -17,7 +17,6 @@ istio-ingressgateway:
     enabled: false
     # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway.
     # This server runs in the same pod as ingress gateway.
-    image: node-agent-k8s
     resources:
       requests:
         cpu: 100m

charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml

@@ -81,7 +81,7 @@ spec:
       serviceAccountName: istio-grafana-post-install-account
       containers:
         - name: kubectl
-          image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
           command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
           volumeMounts:
             - mountPath: "/tmp/grafana"

charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml

@@ -38,7 +38,7 @@ spec:
 {{- end }}
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           ports:
           - containerPort: 3000

charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml

@@ -19,7 +19,7 @@ spec:
 {{- end }}
   containers:
     - name: "{{ template "grafana.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
       imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
       command: ['curl']
       args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']

charts/rancher-istio/1.4.300/charts/grafana/values.yaml

@@ -3,9 +3,6 @@
 #
 enabled: false
 replicaCount: 1
-image:
-  repository: grafana/grafana
-  tag: 6.4.3
 ingress:
   enabled: false
   ## Used to create an Ingress record.

charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml

@@ -13,7 +13,7 @@ data:
     .:53 {
           errors
           health
-          {{ if eq -1 (semver  .Values.coreDNSTag  | (semver "1.4.0").Compare) }}
+          {{ if eq -1 (semver .Values.image.tag  | (semver "1.4.0").Compare) }}
           # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
           grpc global 127.0.0.1:8053
           forward . /etc/resolv.conf {

charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml

@@ -37,7 +37,7 @@ spec:
 {{- end }}
       containers:
       - name: coredns
-        image: {{ .Values.coreDNSImage }}:{{ .Values.coreDNSTag }}
+        image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.global.imagePullPolicy }}
         args: [ "-conf", "/etc/coredns/Corefile" ]
         volumeMounts:
@@ -71,7 +71,7 @@ spec:
       - name: istio-coredns-plugin
         command:
         - /usr/local/bin/plugin
-        image: {{ .Values.coreDNSPluginImage }}
+        image: "{{ template "system_default_registry" . }}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}"
         imagePullPolicy: {{ .Values.global.imagePullPolicy }}
         ports:
         - containerPort: 8053

charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml

@@ -5,12 +5,9 @@ enabled: false
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-coreDNSImage: coredns/coredns
-coreDNSTag: 1.6.2
 # Source code for the plugin can be found at
 # https://github.com/istio-ecosystem/istio-coredns-plugin
 # The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1
 nodeSelector: {}
 tolerations: []
 podAnnotations: {}

charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml

@@ -36,7 +36,7 @@ spec:
       priorityClassName: "{{ .Values.global.priorityClassName }}"
 {{- end }}
       containers:
-      - image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}"
+      - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
         imagePullPolicy: {{ .Values.global.imagePullPolicy }}
         name: kiali
         command:

charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml

@@ -19,7 +19,7 @@ spec:
 {{- end }}
   containers:
     - name: "{{ template "kiali.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
       imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
       command: ['curl']
       args: ['http://kiali:20001']

charts/rancher-istio/1.4.300/charts/kiali/values.yaml

@@ -3,9 +3,6 @@
 #
 enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
 replicaCount: 1
-hub: quay.io/kiali
-image: kiali
-tag: v1.9
 contextPath: /kiali # The root context path to access the Kiali UI.
 nodeSelector: {}
 tolerations: []

charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml

@@ -39,11 +39,7 @@
       {{- end }}
       containers:
       - name: mixer
-{{- if contains "/" .Values.image }}
-        image: "{{ .Values.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}"
-{{- end }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}"
         imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
         ports:
         - containerPort: {{ .Values.global.monitoringPort }}
@@ -111,11 +107,7 @@
           initialDelaySeconds: 5
           periodSeconds: 5
       - name: istio-proxy
-{{- if contains "/" $.Values.global.proxy.image }}
-        image: "{{ $.Values.global.proxy.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}"
-{{- end }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}"
         imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
         ports:
         - containerPort: 9091
@@ -233,11 +225,7 @@
       {{- end }}
       containers:
       - name: mixer
-{{- if contains "/" .Values.image }}
-        image: "{{ .Values.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}"
-{{- end }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}"
         imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
         ports:
         - containerPort: {{ .Values.global.monitoringPort }}
@@ -314,11 +302,7 @@
           initialDelaySeconds: 5
           periodSeconds: 5
       - name: istio-proxy
-{{- if contains "/" $.Values.global.proxy.image }}
-        image: "{{ $.Values.global.proxy.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}"
-{{- end }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}"
         imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
         ports:
         - containerPort: 9091

charts/rancher-istio/1.4.300/charts/mixer/values.yaml

 #
 # mixer configuration
 #
-image: mixer
 
 env:
   # max procs should be ceil(cpu limit + 1)

charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml

@@ -30,11 +30,7 @@ spec:
 {{- end }}
       containers:
       - name: nodeagent
-{{- if contains "/" .Values.image }}
-        image: "{{ .Values.image }}"
-{{- else }}
-        image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
         imagePullPolicy: {{ .Values.global.imagePullPolicy }}
         volumeMounts:
         - mountPath: /var/run/sds

charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml

@@ -2,7 +2,6 @@
 # nodeagent configuration
 #
 enabled: false
-image: node-agent-k8s
 env:
   # name of authentication provider.
   CA_PROVIDER: ""

charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml

@@ -45,11 +45,7 @@ spec:
 {{- end }}
       containers:
         - name: discovery
-{{- if contains "/" .Values.image }}
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           args:
           - "discovery"
@@ -131,11 +127,7 @@ spec:
 {{- end }}
 {{- if .Values.sidecar }}
         - name: istio-proxy
-{{- if contains "/" .Values.global.proxy.image }}
-          image: "{{ .Values.global.proxy.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
-{{- end }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           ports:
           - containerPort: 15003

charts/rancher-istio/1.4.300/charts/pilot/values.yaml

@@ -9,7 +9,6 @@ autoscaleMax: 5
 # replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: pilot
 sidecar: true
 traceSampling: 1.0
 # if protocol sniffing is enabled for outbound

charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml

@@ -30,7 +30,7 @@ spec:
 {{- end }}
       containers:
         - name: prometheus
-          image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           args:
             - '--storage.tsdb.retention={{ .Values.retention }}'

charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml

@@ -19,7 +19,7 @@ spec:
 {{- end }}
   containers:
     - name: "{{ template "prometheus.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
       imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
       command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
   restartPolicy: Never

charts/rancher-istio/1.4.300/charts/prometheus/values.yaml

@@ -3,9 +3,6 @@
 #
 enabled: true
 replicaCount: 1
-hub: docker.io/prom
-image: prometheus
-tag: v2.12.0
 retention: 6h
 nodeSelector: {}
 tolerations: []

charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml

@@ -85,7 +85,7 @@ spec:
       serviceAccountName: istio-security-post-install-account
       containers:
         - name: kubectl
-          image: "{{ .Values.global.hub }}/istio-kubectl:{{ .Values.global.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
           imagePullPolicy: IfNotPresent
           command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ]
           volumeMounts:

charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml

@@ -39,11 +39,7 @@ spec:
 {{- end }}
       containers:
         - name: citadel
-{{- if contains "/" .Values.image }}
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           args:
           {{- if .Values.global.sds.enabled }}

charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml

@@ -19,7 +19,7 @@ spec:
 {{- end }}
   containers:
     - name: "{{ template "security.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
       imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
       command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
   restartPolicy: Never

charts/rancher-istio/1.4.300/charts/security/values.yaml

@@ -5,7 +5,6 @@ enabled: true
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: citadel
 selfSigned: true # indicate if self-signed CA is used.
 createMeshPolicy: true
 nodeSelector: {}

charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml

@@ -38,11 +38,7 @@ spec:
 {{- end }}
       containers:
         - name: sidecar-injector-webhook
-{{- if contains "/" .Values.image }}
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           args:
             - --caCertFile=/etc/istio/certs/root-cert.pem

charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml

@@ -5,7 +5,6 @@ enabled: true
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: sidecar_injector
 enableNamespacesByDefault: false
 nodeSelector: {}
 tolerations: []

charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml

@@ -40,7 +40,7 @@ spec:
 {{- end }}
       containers:
         - name: jaeger
-          image: "{{ .Values.jaeger.hub }}/{{ .Values.jaeger.image }}:{{ .Values.jaeger.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           ports:
             - containerPort: 9411

charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml

@@ -39,7 +39,7 @@ spec:
 {{- end }}
       containers:
         - name: zipkin
-          image: "{{ .Values.zipkin.hub }}/{{ .Values.zipkin.image }}:{{ .Values.zipkin.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}"
           imagePullPolicy: {{ .Values.global.imagePullPolicy }}
           ports:
             - containerPort: {{ .Values.zipkin.queryPort }}

charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml

@@ -18,7 +18,7 @@ spec:
 {{- end }}
   containers:
     - name: "{{ .Values.provider }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
       imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
       command: ['curl']
       {{- if eq .Values.provider "jaeger" }}

charts/rancher-istio/1.4.300/charts/tracing/values.yaml

@@ -29,9 +29,6 @@ podAntiAffinityLabelSelector: []
 podAntiAffinityTermLabelSelector: []
 
 jaeger:
-  hub: docker.io/jaegertracing
-  image: all-in-one
-  tag: 1.14
   podAnnotations: {}
   memory:
     max_traces: 50000
@@ -43,9 +40,6 @@ jaeger:
 
 
 zipkin:
-  hub: docker.io/openzipkin
-  image: zipkin
-  tag: 2.14.2
   podAnnotations: {}
   probeStartupDelay: 200
   queryPort: 9411

charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml

@@ -12,7 +12,8 @@ global:
 
 nodeagent:
   enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
   env:
     # The IP address and the port number of a publicly accessible example Vault server.
     CA_ADDR: "https://34.83.129.211:8200"

charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml

@@ -20,7 +20,8 @@ global:
 
 nodeagent:
   enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
   env:
     CA_PROVIDER: "GoogleCA"
     CA_ADDR: "meshca.googleapis.com:443"

charts/rancher-istio/1.4.300/files/injection-template.yaml

@@ -4,11 +4,11 @@ initContainers:
 {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }}
 {{- if not .Values.istio_cni.enabled }}
 - name: istio-init
-{{- if contains "/" .Values.global.proxy_init.image }}
-  image: "{{ .Values.global.proxy_init.image }}"
-{{- else }}
-  image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}"
-{{- end }}
+  {{- if .Values.global.systemDefaultRegistry }}
+  image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}"
+  {{- else }}
+  image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}"
+  {{- end }}
   command:
   - istio-iptables
   - "-p"
@@ -65,7 +65,11 @@ initContainers:
   - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited
   command:
     - /bin/sh
-  image: {{ $.Values.global.proxy.enableCoreDumpImage }}
+  {{- if .Values.global.systemDefaultRegistry }}
+  image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}"
+  {{- else }}
+  image: "{{ .Values.global.proxy.enableCoreDumpImage }}"
+  {{- end }}
   imagePullPolicy: IfNotPresent
   resources: {}
   securityContext:
@@ -84,10 +88,10 @@ initContainers:
 {{- end }}
 containers:
 - name: istio-proxy
-{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}
-  image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}"
+{{- if .Values.global.systemDefaultRegistry }}
+  image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}"
 {{- else }}
-  image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
+  image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.repository}}:{{ .Values.global.proxy.tag }}"
 {{- end }}
   ports:
   - containerPort: 15090

charts/rancher-istio/1.4.300/questions.yaml

 labels:
-  rancher.istio.v1.4.3: 1.4.3
+  rancher.istio.v1.4.300: 1.4.3
 rancher_min_version: 2.3.4-rc1

charts/rancher-istio/1.4.300/templates/_helpers.tpl

@@ -37,3 +37,12 @@ Create a fully qualified configmap name.
 {{- define "istio.configmap.fullname" -}}
 {{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml

@@ -17,7 +17,8 @@ global:
 
 nodeagent:
   enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
   env:
     CA_PROVIDER: "Citadel"
     CA_ADDR: "istio-citadel:8060"

charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml

@@ -14,7 +14,8 @@ global:
 
 nodeagent:
   enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
   env:
     CA_PROVIDER: "Citadel"
     CA_ADDR: "istio-citadel:8060"

charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml

@@ -14,7 +14,8 @@ global:
 
 nodeagent:
   enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
   env:
     CA_PROVIDER: "Citadel"
     CA_ADDR: "istio-citadel:8060"

charts/rancher-istio/1.4.300/values.yaml

@@ -22,7 +22,8 @@ gateways:
 # charts/sidecarInjectorWebhook/values.yaml for detailed configuration
 #
 sidecarInjectorWebhook:
-  image: istio-sidecar_injector
+  repository: rancher/istio-sidecar_injector
+  tag: 1.4.3
   enabled: true
 
 #
@@ -30,7 +31,8 @@ sidecarInjectorWebhook:
 # for detailed configuration
 #
 galley:
-  image: istio-galley
+  repository: rancher/istio-galley
+  tag: 1.4.3
   enabled: true
 
 #
@@ -38,7 +40,8 @@ galley:
 #
 # @see charts/mixer/values.yaml for all values
 mixer:
-  image: istio-mixer
+  repository: rancher/istio-mixer
+  tag: 1.4.3
   policy:
     # if policy is enabled the global.disablePolicyChecks has affect.
     enabled: true
@@ -50,35 +53,38 @@ mixer:
 #
 # @see charts/pilot/values.yaml
 pilot:
-  image: istio-pilot
+  repository: rancher/istio-pilot
+  tag: 1.4.3
   enabled: true
 
 #
 # security configuration
 #
 security:
-  image: istio-citadel
+  repository: rancher/istio-citadel
+  tag: 1.4.3
   enabled: true
 
 #
 # nodeagent configuration
 #
 nodeagent:
-  image: istio-node-agent-k8s
   enabled: false
 
 #
 # addon grafana configuration
 #
 grafana:
-  image: grafana-grafana
+  repository: rancher/grafana-grafana
+  tag: 6.3.6
   enabled: false
 
 #
 # addon prometheus configuration
 #
 prometheus:
-  image: prom-prometheus
+  repository: rancher/prom-prometheus
+  tag: v2.12.0
   enabled: false
 
 #
@@ -86,19 +92,19 @@ prometheus:
 #
 tracing:
   jaeger:
-    hub: docker.io/rancher
-    image: jaegertracing-all-in-one
+    repository: rancher/jaegertracing-all-in-one
+    tag: 1.14
   zipkin:
-    hub: docker.io/rancher
-    image: openzipkin-zipkin
+    repository: rancher/openzipkin-zipkin
+    tag: 2.14.2
   enabled: false
 
 #
 # addon kiali tracing configuration
 #
 kiali:
-  hub: docker.io/rancher
-  image: kiali-kiali
+  repository: rancher/kiali-kiali
+  tag: v1.9
   contextPath: /
   dashboard:
     jaegerURL: http://tracing.istio-system:80
@@ -113,6 +119,9 @@ kiali:
 #
 certmanager:
   enabled: false
+  image:
+    repository: rancher/jetstack-cert-manager-controller
+    tag: v0.8.1
 
 #
 # Istio CNI plugin enabled
@@ -126,12 +135,24 @@ istio_cni:
 # addon Istio CoreDNS configuration
 #
 istiocoredns:
-  coreDNSImage: coredns-coredns
-  coreDNSPluginImage: istio-coredns-plugin
+  image:
+    repository: rancher/coredns-coredns
+    tag: 1.6.2
+  pluginImage:
+    repository: rancher/istio-coredns-plugin
+    tag: 0.2-istio-1.1
   enabled: false
 
 # Common settings used among istio subcharts.
 global:
+
+  # Specify rancher clusterId of external tracing config
+  # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032
+  rancher:
+    clusterId:
+
+  systemDefaultRegistry: ""
+
   # Default hub for Istio images.
   # Releases are published to docker hub under 'istio' project.
   # Dev builds from prow are on gcr.io
@@ -146,6 +167,10 @@ global:
   logging:
     level: "default:info"
 
+  kubectl:
+    repository: rancher/istio-kubectl
+    tag: 1.4.3
+
   # monitoring port used by mixer, pilot, galley and sidecar injector
   monitoringPort: 15014
 
@@ -162,6 +187,10 @@ global:
     # will result in LDS rejection and the ingress will not work.
     enableHttps: false
 
+  curl:
+    repository: rancher/pstauffer-curl
+    tag: v1.0.3
+
   proxy:
     # Configuration for the proxy init container
     init:
@@ -173,7 +202,8 @@ global:
           cpu: 10m
           memory: 10Mi
     # use fully qualified image names for alternate path to proxy.
-    image: istio-proxyv2
+    repository: rancher/istio-proxyv2
+    tag: 1.4.3
 
     # cluster domain. Default value is "cluster.local".
     clusterDomain: "cluster.local"
@@ -331,7 +361,8 @@ global:
 
   proxy_init:
     # Base name for the istio-init container, used to configure iptables.
-    image: istio-proxyv2
+    repository: rancher/istio-proxyv2
+    tag: 1.4.3
 
   # imagePullPolicy is applied to istio control plane components.
   # local tests require IfNotPresent, to avoid uploading to dockerhub.
@@ -557,6 +588,9 @@ global:
   # defaultConfigVisibilitySettings:
   #- '*'
 
+  nodeagent:
+    repository: rancher/istio-node-agent-k8s
+    tag: 1.4.3
   sds:
     # SDS enabled. IF set to true, mTLS certificates for the sidecars will be
     # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates.