Istio 1.4.300

I know, the version looks wierd. But we needed to version our chart without making it terribly confusing for end users and also sticking to semver.

Istio 1.4.300
a3cf28cb · Caleb Bron · cf68b2b7 · a3cf28cb · a3cf28cb · a3cf28cb
Commit a3cf28cb authored Jan 22, 2020 by Caleb Bron
46 changed files
--- a/charts/rancher-istio/1.4.3/questions.yaml
+++ b/charts/rancher-istio/1.4.3/questions.yaml
 labels:
  rancher.istio.v1.4.3: 1.4.3
 rancher_min_version: 2.3.4-rc1
+rancher_max_version: 2.3.4-rc1
--- a/charts/rancher-istio/1.4.300/Chart.yaml
+++ b/charts/rancher-istio/1.4.300/Chart.yaml
@@ -14,4 +14,4 @@ name: rancher-istio
 sources:
 - http://github.com/istio/istio
 tillerVersion: '>=2.7.2-0'
-version: 1.4.3
+version: 1.4.300
--- a/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/certmanager/templates/deployment.yaml
@@ -35,7 +35,11 @@ spec:
 {{- end }}
      containers:
      - name: certmanager
-        image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}"
+        {{- if .Values.global.systemDefaultRegistry }}
+        image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        {{- else }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        {{- end }}
        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
        args:
        - --cluster-resource-namespace=$(POD_NAMESPACE)

--- a/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/certmanager/values.yaml
@@ -5,9 +5,6 @@
 # restart, DestinationRules can be created using the ACME-signed certificates.
 enabled: false
 replicaCount: 1
-hub: quay.io/jetstack
-image: cert-manager-controller
-tag: v0.8.1
 resources: {}
 nodeSelector: {}
 tolerations: []

--- a/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/galley/templates/deployment.yaml
@@ -38,11 +38,7 @@ spec:
 {{- end }}
      containers:
        - name: galley
-{{- if contains "/" .Values.image }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          ports:
          - containerPort: 443

--- a/charts/rancher-istio/1.4.300/charts/galley/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/galley/values.yaml
@@ -5,7 +5,6 @@ enabled: true
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: galley
 nodeSelector: {}
 tolerations: []
 podAnnotations: {}

--- a/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/gateways/templates/deployment.yaml
@@ -44,7 +44,7 @@ spec:
 {{- if $.Values.global.proxy.enableCoreDump }}
      initContainers:
        - name: enable-core-dump
-          image: {{ $.Values.global.proxy.enableCoreDumpImage }}
+          image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy_init.repository }}:{{ $.Values.global.proxy_init.tag }}"
          imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
          command:
            - /bin/sh
@@ -58,11 +58,7 @@ spec:
 {{- if $spec.sds }}
 {{- if $spec.sds.enabled }}
        - name: ingress-sds
-{{- if contains "/" $spec.sds.image }}
+          image: "{{ template "system_default_registry" $ }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
-          image: "{{ $spec.sds.image }}"
-{{- else }}
-          image: "{{ $.Values.global.hub }}/{{ $spec.sds.image }}:{{ $.Values.global.tag }}"
-{{- end }}
          imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
          resources:
 {{- if $spec.sds.resources }}
@@ -86,11 +82,7 @@ spec:
 {{- end }}
 {{- end }}
        - name: istio-proxy
-{{- if contains "/" $.Values.global.proxy.image }}
+          image: "{{ template "system_default_registry" $ }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}"
-          image: "{{ $.Values.global.proxy.image }}"
-{{- else }}
-          image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}"
-{{- end }}
          imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
          ports:
            {{- range $key, $val := $spec.ports }}

--- a/charts/rancher-istio/1.4.300/charts/gateways/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/gateways/values.yaml
@@ -17,7 +17,6 @@ istio-ingressgateway:
    enabled: false
    # SDS server that watches kubernetes secrets and provisions credentials to ingress gateway.
    # This server runs in the same pod as ingress gateway.
-    image: node-agent-k8s
    resources:
      requests:
        cpu: 100m

--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml
+++ b/charts/rancher-istio/1.4.300/charts/grafana/templates/create-custom-resources-job.yaml
@@ -81,7 +81,7 @@ spec:
      serviceAccountName: istio-grafana-post-install-account
      containers:
        - name: kubectl
-          image: "{{ .Values.global.hub }}/kubectl:{{ .Values.global.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
          command: [ "/bin/bash", "/tmp/grafana/run.sh", "/tmp/grafana/custom-resources.yaml" ]
          volumeMounts:
            - mountPath: "/tmp/grafana"

--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/grafana/templates/deployment.yaml
@@ -38,7 +38,7 @@ spec:
 {{- end }}
      containers:
        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          ports:
          - containerPort: 3000

--- a/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml
+++ b/charts/rancher-istio/1.4.300/charts/grafana/templates/tests/test-grafana-connection.yaml
@@ -19,7 +19,7 @@ spec:
 {{- end }}
  containers:
    - name: "{{ template "grafana.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
      imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
      command: ['curl']
      args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']

--- a/charts/rancher-istio/1.4.300/charts/grafana/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/grafana/values.yaml
@@ -3,9 +3,6 @@
 #
 enabled: false
 replicaCount: 1
-image:
-  repository: grafana/grafana
-  tag: 6.4.3
 ingress:
  enabled: false
  ## Used to create an Ingress record.

--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml
+++ b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/configmap.yaml
@@ -13,7 +13,7 @@ data:
    .:53 {
          errors
          health
-          {{ if eq -1 (semver  .Values.coreDNSTag  | (semver "1.4.0").Compare) }}
+          {{ if eq -1 (semver .Values.image.tag  | (semver "1.4.0").Compare) }}
          # Removed support for the proxy plugin: https://coredns.io/2019/03/03/coredns-1.4.0-release/
          grpc global 127.0.0.1:8053
          forward . /etc/resolv.conf {

--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/istiocoredns/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
 {{- end }}
      containers:
      - name: coredns
-        image: {{ .Values.coreDNSImage }}:{{ .Values.coreDNSTag }}
+        image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
@@ -71,7 +71,7 @@ spec:
      - name: istio-coredns-plugin
        command:
        - /usr/local/bin/plugin
-        image: {{ .Values.coreDNSPluginImage }}
+        image: "{{ template "system_default_registry" . }}{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}"
        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
        ports:
        - containerPort: 8053

--- a/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/istiocoredns/values.yaml
@@ -5,12 +5,9 @@ enabled: false
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-coreDNSImage: coredns/coredns
-coreDNSTag: 1.6.2
 # Source code for the plugin can be found at
 # https://github.com/istio-ecosystem/istio-coredns-plugin
 # The plugin listens for DNS requests from coredns server at 127.0.0.1:8053
-coreDNSPluginImage: istio/coredns-plugin:0.2-istio-1.1
 nodeSelector: {}
 tolerations: []
 podAnnotations: {}

--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/kiali/templates/deployment.yaml
@@ -36,7 +36,7 @@ spec:
      priorityClassName: "{{ .Values.global.priorityClassName }}"
 {{- end }}
      containers:
-      - image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}"
+      - image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
        name: kiali
        command:

--- a/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml
+++ b/charts/rancher-istio/1.4.300/charts/kiali/templates/tests/test-kiali-connection.yaml
@@ -19,7 +19,7 @@ spec:
 {{- end }}
  containers:
    - name: "{{ template "kiali.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
      imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
      command: ['curl']
      args: ['http://kiali:20001']

--- a/charts/rancher-istio/1.4.300/charts/kiali/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/kiali/values.yaml
@@ -3,9 +3,6 @@
 #
 enabled: false # Note that if using the demo or demo-auth yaml when installing via Helm, this default will be `true`.
 replicaCount: 1
-hub: quay.io/kiali
-image: kiali
-tag: v1.9
 contextPath: /kiali # The root context path to access the Kiali UI.
 nodeSelector: {}
 tolerations: []

--- a/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/mixer/templates/deployment.yaml
@@ -39,11 +39,7 @@
      {{- end }}
      containers:
      - name: mixer
-{{- if contains "/" .Values.image }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}"
-        image: "{{ .Values.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}"
-{{- end }}
        imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
        ports:
        - containerPort: {{ .Values.global.monitoringPort }}
@@ -111,11 +107,7 @@
          initialDelaySeconds: 5
          periodSeconds: 5
      - name: istio-proxy
-{{- if contains "/" $.Values.global.proxy.image }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}"
-        image: "{{ $.Values.global.proxy.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}"
-{{- end }}
        imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
        ports:
        - containerPort: 9091
@@ -233,11 +225,7 @@
      {{- end }}
      containers:
      - name: mixer
-{{- if contains "/" .Values.image }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.repository }}:{{ $.Values.tag }}"
-        image: "{{ .Values.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.image }}:{{ $.Values.global.tag }}"
-{{- end }}
        imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
        ports:
        - containerPort: {{ .Values.global.monitoringPort }}
@@ -314,11 +302,7 @@
          initialDelaySeconds: 5
          periodSeconds: 5
      - name: istio-proxy
-{{- if contains "/" $.Values.global.proxy.image }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.global.proxy.repository }}:{{ $.Values.global.proxy.tag }}"
-        image: "{{ $.Values.global.proxy.image }}"
-{{- else }}
-        image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}"
-{{- end }}
        imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
        ports:
        - containerPort: 9091

--- a/charts/rancher-istio/1.4.300/charts/mixer/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/mixer/values.yaml
 #
 # mixer configuration
 #
-image: mixer
 env:
  # max procs should be ceil(cpu limit + 1)

--- a/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml
+++ b/charts/rancher-istio/1.4.300/charts/nodeagent/templates/daemonset.yaml
@@ -30,11 +30,7 @@ spec:
 {{- end }}
      containers:
      - name: nodeagent
-{{- if contains "/" .Values.image }}
+        image: "{{ template "system_default_registry" . }}{{ $.Values.global.nodeagent.repository }}:{{ $.Values.global.nodeagent.tag }}"
-        image: "{{ .Values.image }}"
-{{- else }}
-        image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
        volumeMounts:
        - mountPath: /var/run/sds

--- a/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/nodeagent/values.yaml
@@ -2,7 +2,6 @@
 # nodeagent configuration
 #
 enabled: false
-image: node-agent-k8s
 env:
  # name of authentication provider.
  CA_PROVIDER: ""

--- a/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/pilot/templates/deployment.yaml
@@ -45,11 +45,7 @@ spec:
 {{- end }}
      containers:
        - name: discovery
-{{- if contains "/" .Values.image }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          args:
          - "discovery"
@@ -131,11 +127,7 @@ spec:
 {{- end }}
 {{- if .Values.sidecar }}
        - name: istio-proxy
-{{- if contains "/" .Values.global.proxy.image }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}"
-          image: "{{ .Values.global.proxy.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
-{{- end }}
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          ports:
          - containerPort: 15003

--- a/charts/rancher-istio/1.4.300/charts/pilot/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/pilot/values.yaml
@@ -9,7 +9,6 @@ autoscaleMax: 5
 # replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: pilot
 sidecar: true
 traceSampling: 1.0
 # if protocol sniffing is enabled for outbound

--- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/prometheus/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
 {{- end }}
      containers:
        - name: prometheus
-          image: "{{ .Values.hub }}/{{ .Values.image }}:{{ .Values.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          args:
            - '--storage.tsdb.retention={{ .Values.retention }}'

--- a/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml
+++ b/charts/rancher-istio/1.4.300/charts/prometheus/templates/tests/test-prometheus-connection.yaml
@@ -19,7 +19,7 @@ spec:
 {{- end }}
  containers:
    - name: "{{ template "prometheus.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: {{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}
      imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
      command: ['sh', '-c', 'for i in 1 2 3; do curl http://prometheus:9090/-/ready && exit 0 || sleep 15; done; exit 1']
  restartPolicy: Never

--- a/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/prometheus/values.yaml
@@ -3,9 +3,6 @@
 #
 enabled: true
 replicaCount: 1
-hub: docker.io/prom
-image: prometheus
-tag: v2.12.0
 retention: 6h
 nodeSelector: {}
 tolerations: []

--- a/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml
+++ b/charts/rancher-istio/1.4.300/charts/security/templates/create-custom-resources-job.yaml
@@ -85,7 +85,7 @@ spec:
      serviceAccountName: istio-security-post-install-account
      containers:
        - name: kubectl
-          image: "{{ .Values.global.hub }}/istio-kubectl:{{ .Values.global.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
          imagePullPolicy: IfNotPresent
          command: [ "/bin/bash", "/tmp/security/run.sh", "/tmp/security/custom-resources.yaml" ]
          volumeMounts:

--- a/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/security/templates/deployment.yaml
@@ -39,11 +39,7 @@ spec:
 {{- end }}
      containers:
        - name: citadel
-{{- if contains "/" .Values.image }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          args:
          {{- if .Values.global.sds.enabled }}

--- a/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml
+++ b/charts/rancher-istio/1.4.300/charts/security/templates/tests/test-citadel-connection.yaml
@@ -19,7 +19,7 @@ spec:
 {{- end }}
  containers:
    - name: "{{ template "security.fullname" . }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
      imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
      command: ['sh', '-c', 'for i in 1 2 3; do curl http://istio-citadel:{{ .Values.global.monitoringPort }}/version && exit 0 || sleep 15; done; exit 1']
  restartPolicy: Never

--- a/charts/rancher-istio/1.4.300/charts/security/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/security/values.yaml
@@ -5,7 +5,6 @@ enabled: true
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: citadel
 selfSigned: true # indicate if self-signed CA is used.
 createMeshPolicy: true
 nodeSelector: {}

--- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml
+++ b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/templates/deployment.yaml
@@ -38,11 +38,7 @@ spec:
 {{- end }}
      containers:
        - name: sidecar-injector-webhook
-{{- if contains "/" .Values.image }}
+          image: "{{ template "system_default_registry" . }}{{ .Values.repository }}:{{ .Values.tag }}"
-          image: "{{ .Values.image }}"
-{{- else }}
-          image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
-{{- end }}
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          args:
            - --caCertFile=/etc/istio/certs/root-cert.pem

--- a/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/sidecarInjectorWebhook/values.yaml
@@ -5,7 +5,6 @@ enabled: true
 replicaCount: 1
 rollingMaxSurge: 100%
 rollingMaxUnavailable: 25%
-image: sidecar_injector
 enableNamespacesByDefault: false
 nodeSelector: {}
 tolerations: []

--- a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml
+++ b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-jaeger.yaml
@@ -40,7 +40,7 @@ spec:
 {{- end }}
      containers:
        - name: jaeger
-          image: "{{ .Values.jaeger.hub }}/{{ .Values.jaeger.image }}:{{ .Values.jaeger.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}"
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          ports:
            - containerPort: 9411

--- a/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml
+++ b/charts/rancher-istio/1.4.300/charts/tracing/templates/deployment-zipkin.yaml
@@ -39,7 +39,7 @@ spec:
 {{- end }}
      containers:
        - name: zipkin
-          image: "{{ .Values.zipkin.hub }}/{{ .Values.zipkin.image }}:{{ .Values.zipkin.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.zipkin.repository }}:{{ .Values.zipkin.tag }}"
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
          ports:
            - containerPort: {{ .Values.zipkin.queryPort }}

--- a/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml
+++ b/charts/rancher-istio/1.4.300/charts/tracing/templates/tests/test-tracing-connection.yaml
@@ -18,7 +18,7 @@ spec:
 {{- end }}
  containers:
    - name: "{{ .Values.provider }}-test"
-      image: pstauffer/curl:v1.0.3
+      image: "{{ template "system_default_registry" . }}{{ .Values.global.curl.repository }}:{{ .Values.global.curl.tag }}"
      imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
      command: ['curl']
      {{- if eq .Values.provider "jaeger" }}

--- a/charts/rancher-istio/1.4.300/charts/tracing/values.yaml
+++ b/charts/rancher-istio/1.4.300/charts/tracing/values.yaml
@@ -29,9 +29,6 @@ podAntiAffinityLabelSelector: []
 podAntiAffinityTermLabelSelector: []
 jaeger:
-  hub: docker.io/jaegertracing
-  image: all-in-one
-  tag: 1.14
  podAnnotations: {}
  memory:
    max_traces: 50000
@@ -43,9 +40,6 @@ jaeger:
 zipkin:
-  hub: docker.io/openzipkin
-  image: zipkin
-  tag: 2.14.2
  podAnnotations: {}
  probeStartupDelay: 200
  queryPort: 9411

--- a/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml
+++ b/charts/rancher-istio/1.4.300/example-values/values-istio-example-sds-vault.yaml
@@ -12,7 +12,8 @@ global:
 nodeagent:
  enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
  env:
    # The IP address and the port number of a publicly accessible example Vault server.
    CA_ADDR: "https://34.83.129.211:8200"

--- a/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml
+++ b/charts/rancher-istio/1.4.300/example-values/values-istio-googleca.yaml
@@ -20,7 +20,8 @@ global:
 nodeagent:
  enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
  env:
    CA_PROVIDER: "GoogleCA"
    CA_ADDR: "meshca.googleapis.com:443"

--- a/charts/rancher-istio/1.4.300/files/injection-template.yaml
+++ b/charts/rancher-istio/1.4.300/files/injection-template.yaml
@@ -4,11 +4,11 @@ initContainers:
 {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }}
 {{- if not .Values.istio_cni.enabled }}
 - name: istio-init
-{{- if contains "/" .Values.global.proxy_init.image }}
+  {{- if .Values.global.systemDefaultRegistry }}
-  image: "{{ .Values.global.proxy_init.image }}"
+  image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}"
-{{- else }}
+  {{- else }}
-  image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}"
+  image: "{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }}"
-{{- end }}
+  {{- end }}
  command:
  - istio-iptables
  - "-p"
@@ -65,7 +65,11 @@ initContainers:
  - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited
  command:
    - /bin/sh
-  image: {{ $.Values.global.proxy.enableCoreDumpImage }}
+  {{- if .Values.global.systemDefaultRegistry }}
+  image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.enableCoreDumpImage }}"
+  {{- else }}
+  image: "{{ .Values.global.proxy.enableCoreDumpImage }}"
+  {{- end }}
  imagePullPolicy: IfNotPresent
  resources: {}
  securityContext:
@@ -84,10 +88,10 @@ initContainers:
 {{- end }}
 containers:
 - name: istio-proxy
-{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}
+{{- if .Values.global.systemDefaultRegistry }}
-  image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}"
+  image: "{{ .Values.global.systemDefaultRegistry }}/{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }}"
 {{- else }}
-  image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}"
+  image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.repository}}:{{ .Values.global.proxy.tag }}"
 {{- end }}
  ports:
  - containerPort: 15090

--- a/charts/rancher-istio/1.4.300/questions.yaml
+++ b/charts/rancher-istio/1.4.300/questions.yaml
 labels:
-  rancher.istio.v1.4.3: 1.4.3
+  rancher.istio.v1.4.300: 1.4.3
 rancher_min_version: 2.3.4-rc1
--- a/charts/rancher-istio/1.4.300/templates/_helpers.tpl
+++ b/charts/rancher-istio/1.4.300/templates/_helpers.tpl
@@ -37,3 +37,12 @@ Create a fully qualified configmap name.
 {{- define "istio.configmap.fullname" -}}
 {{- printf "%s-%s" .Release.Name "istio-mesh-config" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
--- a/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml
+++ b/charts/rancher-istio/1.4.300/test-values/values-istio-auth-sds.yaml
@@ -17,7 +17,8 @@ global:
 nodeagent:
  enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
  env:
    CA_PROVIDER: "Citadel"
    CA_ADDR: "istio-citadel:8060"

--- a/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml
+++ b/charts/rancher-istio/1.4.300/values-istio-sds-auth-control-plane-auth-disabled.yaml
@@ -14,7 +14,8 @@ global:
 nodeagent:
  enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
  env:
    CA_PROVIDER: "Citadel"
    CA_ADDR: "istio-citadel:8060"

--- a/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml
+++ b/charts/rancher-istio/1.4.300/values-istio-sds-auth.yaml
@@ -14,7 +14,8 @@ global:
 nodeagent:
  enabled: true
-  image: node-agent-k8s
+  repository: rancher/istio-node-agent-k8s
+  tag: 1.4.3
  env:
    CA_PROVIDER: "Citadel"
    CA_ADDR: "istio-citadel:8060"

--- a/charts/rancher-istio/1.4.300/values.yaml
+++ b/charts/rancher-istio/1.4.300/values.yaml
@@ -22,7 +22,8 @@ gateways:
 # charts/sidecarInjectorWebhook/values.yaml for detailed configuration
 #
 sidecarInjectorWebhook:
-  image: istio-sidecar_injector
+  repository: rancher/istio-sidecar_injector
+  tag: 1.4.3
  enabled: true
 #
@@ -30,7 +31,8 @@ sidecarInjectorWebhook:
 # for detailed configuration
 #
 galley:
-  image: istio-galley
+  repository: rancher/istio-galley
+  tag: 1.4.3
  enabled: true
 #
@@ -38,7 +40,8 @@ galley:
 #
 # @see charts/mixer/values.yaml for all values
 mixer:
-  image: istio-mixer
+  repository: rancher/istio-mixer
+  tag: 1.4.3
  policy:
    # if policy is enabled the global.disablePolicyChecks has affect.
    enabled: true
@@ -50,35 +53,38 @@ mixer:
 #
 # @see charts/pilot/values.yaml
 pilot:
-  image: istio-pilot
+  repository: rancher/istio-pilot
+  tag: 1.4.3
  enabled: true
 #
 # security configuration
 #
 security:
-  image: istio-citadel
+  repository: rancher/istio-citadel
+  tag: 1.4.3
  enabled: true
 #
 # nodeagent configuration
 #
 nodeagent:
-  image: istio-node-agent-k8s
  enabled: false
 #
 # addon grafana configuration
 #
 grafana:
-  image: grafana-grafana
+  repository: rancher/grafana-grafana
+  tag: 6.3.6
  enabled: false
 #
 # addon prometheus configuration
 #
 prometheus:
-  image: prom-prometheus
+  repository: rancher/prom-prometheus
+  tag: v2.12.0
  enabled: false
 #
@@ -86,19 +92,19 @@ prometheus:
 #
 tracing:
  jaeger:
-    hub: docker.io/rancher
+    repository: rancher/jaegertracing-all-in-one
-    image: jaegertracing-all-in-one
+    tag: 1.14
  zipkin:
-    hub: docker.io/rancher
+    repository: rancher/openzipkin-zipkin
-    image: openzipkin-zipkin
+    tag: 2.14.2
  enabled: false
 #
 # addon kiali tracing configuration
 #
 kiali:
-  hub: docker.io/rancher
+  repository: rancher/kiali-kiali
-  image: kiali-kiali
+  tag: v1.9
  contextPath: /
  dashboard:
    jaegerURL: http://tracing.istio-system:80
@@ -113,6 +119,9 @@ kiali:
 #
 certmanager:
  enabled: false
+  image:
+    repository: rancher/jetstack-cert-manager-controller
+    tag: v0.8.1
 #
 # Istio CNI plugin enabled
@@ -126,12 +135,24 @@ istio_cni:
 # addon Istio CoreDNS configuration
 #
 istiocoredns:
-  coreDNSImage: coredns-coredns
+  image:
-  coreDNSPluginImage: istio-coredns-plugin
+    repository: rancher/coredns-coredns
+    tag: 1.6.2
+  pluginImage:
+    repository: rancher/istio-coredns-plugin
+    tag: 0.2-istio-1.1
  enabled: false
 # Common settings used among istio subcharts.
 global:
+  # Specify rancher clusterId of external tracing config
+  # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032
+  rancher:
+    clusterId:
+  systemDefaultRegistry: ""
  # Default hub for Istio images.
  # Releases are published to docker hub under 'istio' project.
  # Dev builds from prow are on gcr.io
@@ -146,6 +167,10 @@ global:
  logging:
    level: "default:info"
+  kubectl:
+    repository: rancher/istio-kubectl
+    tag: 1.4.3
  # monitoring port used by mixer, pilot, galley and sidecar injector
  monitoringPort: 15014
@@ -162,6 +187,10 @@ global:
    # will result in LDS rejection and the ingress will not work.
    enableHttps: false
+  curl:
+    repository: rancher/pstauffer-curl
+    tag: v1.0.3
  proxy:
    # Configuration for the proxy init container
    init:
@@ -173,7 +202,8 @@ global:
          cpu: 10m
          memory: 10Mi
    # use fully qualified image names for alternate path to proxy.
-    image: istio-proxyv2
+    repository: rancher/istio-proxyv2
+    tag: 1.4.3
    # cluster domain. Default value is "cluster.local".
    clusterDomain: "cluster.local"
@@ -331,7 +361,8 @@ global:
  proxy_init:
    # Base name for the istio-init container, used to configure iptables.
-    image: istio-proxyv2
+    repository: rancher/istio-proxyv2
+    tag: 1.4.3
  # imagePullPolicy is applied to istio control plane components.
  # local tests require IfNotPresent, to avoid uploading to dockerhub.
@@ -557,6 +588,9 @@ global:
  # defaultConfigVisibilitySettings:
  #- '*'
+  nodeagent:
+    repository: rancher/istio-node-agent-k8s
+    tag: 1.4.3
  sds:
    # SDS enabled. IF set to true, mTLS certificates for the sidecars will be
    # distributed through the SecretDiscoveryService instead of using K8S secrets to mount the certificates.