From 9a5ea43e15901a92c385ce974903d8844f614313 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot Date: Mon, 20 Jan 2025 05:05:27 +0000 Subject: [PATCH] Automator: Update dependencies in istio-ecosystem/sail-operator@main 
Signed-off-by: openshift-service-mesh-bot --- .devcontainer/devcontainer.json | 2 +- .github/workflows/update-deps.yaml | 2 +- Makefile.core.mk | 12 ++--- api/v1alpha1/values_types.gen.go | 1 + bundle.Dockerfile | 2 +- .../sailoperator.clusterserviceversion.yaml | 24 +++++----- .../manifests/sailoperator.io_istiocnis.yaml | 2 +- .../sailoperator.io_istiorevisions.yaml | 2 +- .../sailoperator.io_istiorevisiontags.yaml | 2 +- bundle/manifests/sailoperator.io_istios.yaml | 2 +- .../manifests/sailoperator.io_ztunnels.yaml | 2 +- ...curity.istio.io_authorizationpolicies.yaml | 44 +++++++++++++++++++ bundle/metadata/annotations.yaml | 2 +- bundle/tests/scorecard/config.yaml | 10 ++--- chart/crds/sailoperator.io_istiocnis.yaml | 2 +- .../crds/sailoperator.io_istiorevisions.yaml | 2 +- .../sailoperator.io_istiorevisiontags.yaml | 2 +- chart/crds/sailoperator.io_istios.yaml | 2 +- chart/crds/sailoperator.io_ztunnels.yaml | 2 +- ...curity.istio.io_authorizationpolicies.yaml | 44 +++++++++++++++++++ chart/templates/olm/scorecard.yaml | 10 ++--- chart/values.yaml | 2 +- common/.commonfiles.sha | 2 +- common/config/license-lint.yml | 16 ++++++- common/scripts/kind_provisioner.sh | 12 ++--- common/scripts/setup_env.sh | 2 +- go.mod | 8 ++-- go.sum | 16 +++---- resources/latest/charts/base/Chart.yaml | 4 +- .../latest/charts/base/files/crd-all.gen.yaml | 44 +++++++++++++++++++ .../profile-compatibility-version-1.24.yaml | 3 ++ resources/latest/charts/cni/Chart.yaml | 4 +- .../profile-compatibility-version-1.24.yaml | 3 ++ .../charts/cni/templates/clusterrole.yaml | 2 +- .../charts/cni/templates/configmap-cni.yaml | 1 + resources/latest/charts/cni/values.yaml | 6 ++- resources/latest/charts/gateway/Chart.yaml | 4 +- .../profile-compatibility-version-1.24.yaml | 3 ++ .../charts/gateway/templates/deployment.yaml | 2 +- .../charts/gateway/templates/zzz_profile.yaml | 2 +- resources/latest/charts/istiod/Chart.yaml | 4 +- .../istiod/files/injection-template.yaml | 2 +- 
.../profile-compatibility-version-1.24.yaml | 3 ++ .../templates/remote-istiod-service.yaml | 2 +- resources/latest/charts/istiod/values.yaml | 2 +- .../profile-compatibility-version-1.24.yaml | 3 ++ .../latest/charts/revisiontags/values.yaml | 2 +- resources/latest/charts/ztunnel/Chart.yaml | 4 +- .../profile-compatibility-version-1.24.yaml | 3 ++ .../latest/charts/ztunnel/templates/rbac.yaml | 2 +- resources/latest/charts/ztunnel/values.yaml | 2 +- versions.yaml | 14 +++--- 52 files changed, 260 insertions(+), 92 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 7f057ea2f..e73d8868f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-0b8e6b9676d328fbeb28a23b8d1134dcc56d98ec", + "image": "gcr.io/istio-testing/build-tools:master-e02796cba1a2e48e50a8d09c60f9c6140b8a41ba", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index 98cf48313..80551493b 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -23,7 +23,7 @@ jobs: update-deps: runs-on: ubuntu-latest container: - image: gcr.io/istio-testing/build-tools:master-0b8e6b9676d328fbeb28a23b8d1134dcc56d98ec + image: gcr.io/istio-testing/build-tools:master-e02796cba1a2e48e50a8d09c60f9c6140b8a41ba options: --entrypoint '' steps: diff --git a/Makefile.core.mk b/Makefile.core.mk index 40457ec40..ba85b38f0 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk 
@@ -478,12 +478,12 @@ OPM ?= $(LOCALBIN)/opm ISTIOCTL ?= $(LOCALBIN)/istioctl ## Tool Versions -OPERATOR_SDK_VERSION ?= v1.38.0 -HELM_VERSION ?= v3.16.4 -CONTROLLER_TOOLS_VERSION ?= v0.16.5 -OPM_VERSION ?= v1.49.0 -OLM_VERSION ?= v0.30.0 -GITLEAKS_VERSION ?= v8.21.2 +OPERATOR_SDK_VERSION ?= v1.39.1 +HELM_VERSION ?= v3.17.0 +CONTROLLER_TOOLS_VERSION ?= v0.17.1 +OPM_VERSION ?= v1.50.0 +OLM_VERSION ?= v0.31.0 +GITLEAKS_VERSION ?= v8.23.1 ISTIOCTL_VERSION ?= 1.23.0 # GENERATE_RELATED_IMAGES defines whether `spec.relatedImages` is going to be generated or not diff --git a/api/v1alpha1/values_types.gen.go b/api/v1alpha1/values_types.gen.go index f992471a2..bd895f579 100644 --- a/api/v1alpha1/values_types.gen.go +++ b/api/v1alpha1/values_types.gen.go @@ -419,6 +419,7 @@ type GlobalConfig struct { IpFamilyPolicy *string `json:"ipFamilyPolicy,omitempty"` // Specifies how waypoints are configured within Istio. Waypoint *WaypointConfig `json:"waypoint,omitempty"` // The next available key is 73 + } // Configuration for Security Token Service (STS) server. diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 8b93d32f9..8c0ae3c74 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -6,7 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=sailoperator LABEL operators.operatorframework.io.bundle.channels.v1="dev-0.3" -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.38.0 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.39.1 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4 diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index a009e17f3..bbfc750ec 100644 
--- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:0.3-latest - createdAt: "2025-01-17T09:17:31Z" + createdAt: "2025-01-20T05:05:22Z" description: Experimental operator for installing Istio service mesh features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -46,7 +46,7 @@ metadata: features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" - operators.operatorframework.io/builder: operator-sdk-v1.38.0 + operators.operatorframework.io/builder: operator-sdk-v1.39.1 operators.operatorframework.io/internal-objects: '["wasmplugins.extensions.istio.io","destinationrules.networking.istio.io","envoyfilters.networking.istio.io","gateways.networking.istio.io","proxyconfigs.networking.istio.io","serviceentries.networking.istio.io","sidecars.networking.istio.io","virtualservices.networking.istio.io","workloadentries.networking.istio.io","workloadgroups.networking.istio.io","authorizationpolicies.security.istio.io","peerauthentications.security.istio.io","requestauthentications.security.istio.io","telemetries.telemetry.istio.io"]' operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 repository: https://github.com/istio-ecosystem/sail-operator 
@@ -255,7 +255,7 @@ spec: one control plane instance to another. When the \"RevisionBased\"\nstrategy is used, a new Istio control plane instance is created for every change to the\nIstio.spec.version field. The old control plane remains in place - until all workloads have\nbeen moved to the new control plane instance.\n\n\nThe + until all workloads have\nbeen moved to the new control plane instance.\n\nThe \"InPlace\" strategy is the default.\tTODO: change default to \"RevisionBased\"" displayName: Type path: updateStrategy.type @@ -371,7 +371,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (d547b858) + - latest (0c5460ee) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -647,10 +647,10 @@ spec: template: metadata: annotations: - images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea - images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea - images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea - images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 + images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 + images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 + images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 images.v1_21_6.cni: docker.io/istio/install-cni:1.21.6 images.v1_21_6.istiod: docker.io/istio/pilot:1.21.6 images.v1_21_6.proxy: docker.io/istio/proxyv2:1.21.6 
@@ -843,13 +843,13 @@ spec: provider: name: Red Hat, Inc. relatedImages: - - image: gcr.io/istio-testing/install-cni:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/install-cni:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 name: latest.cni - - image: gcr.io/istio-testing/pilot:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/pilot:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 name: latest.istiod - - image: gcr.io/istio-testing/proxyv2:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/proxyv2:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 name: latest.proxy - - image: gcr.io/istio-testing/ztunnel:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/ztunnel:1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 name: latest.ztunnel - image: docker.io/istio/install-cni:1.21.6 name: v1_21_6.cni diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 715d15c73..c40e3fc0a 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 creationTimestamp: null name: istiocnis.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 1a0b0f2a2..059c5d0be 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 creationTimestamp: null name: istiorevisions.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_istiorevisiontags.yaml b/bundle/manifests/sailoperator.io_istiorevisiontags.yaml index 90db7a5a2..001026086 100644 --- a/bundle/manifests/sailoperator.io_istiorevisiontags.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisiontags.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 creationTimestamp: null name: istiorevisiontags.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 8cc090376..0ff880db9 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 creationTimestamp: null name: istios.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 0d7e4ff5d..94795719b 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 creationTimestamp: null name: ztunnels.sailoperator.io spec: 
diff --git a/bundle/manifests/security.istio.io_authorizationpolicies.yaml b/bundle/manifests/security.istio.io_authorizationpolicies.yaml index fa157496c..742c5a02c 100644 --- a/bundle/manifests/security.istio.io_authorizationpolicies.yaml +++ b/bundle/manifests/security.istio.io_authorizationpolicies.yaml @@ -117,6 +117,13 @@ spec: items: type: string type: array + notServiceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array principals: description: Optional. items: @@ -132,8 +139,22 @@ spec: items: type: string type: array + serviceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array type: object + x-kubernetes-validations: + - message: Cannot set serviceAccounts with namespaces + or principals + rule: |- + (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && + !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object + maxItems: 512 type: array to: description: Optional. @@ -207,6 +228,7 @@ spec: type: object type: array type: object + maxItems: 512 type: array selector: description: Optional. @@ -477,6 +499,13 @@ spec: items: type: string type: array + notServiceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array principals: description: Optional. items: @@ -492,8 +521,22 @@ spec: items: type: string type: array + serviceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array type: object + x-kubernetes-validations: + - message: Cannot set serviceAccounts with namespaces + or principals + rule: |- + (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && + !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object + maxItems: 512 type: array to: description: Optional. 
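Review bot: The new `serviceAccounts` / `notServiceAccounts` source fields are accepted cluster-wide as soon as this CRD is installed, while the CSV in this same patch still lists v1.21.6, v1.22.5 and v1.22.6 next to `latest`. Whether those older control planes honour the fields is not visible here; if they ignore them, a rule whose source contains only `serviceAccounts` could be enforced with a different match than its author wrote, which matters for both ALLOW and DENY policies. The schema is copied from upstream, so the fix belongs in the operator docs or release notes rather than in this file, for example `serviceAccounts and notServiceAccounts are only enforced by Istio versions that implement them; do not rely on them in policies served by older revisions`. The added `maxItems: 512` also tightens validation on list fields that already existed, so it is worth confirming before upgrade that no stored policy exceeds it. The same schema change repeats in the later hunks of this file, in chart/crds/security.istio.io_authorizationpolicies.yaml and in resources/latest/charts/base/files/crd-all.gen.yaml.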
@@ -567,6 +610,7 @@ spec: type: object type: array type: object + maxItems: 512 type: array selector: description: Optional. diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 64c8aac64..fa359ef48 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -5,7 +5,7 @@ annotations: operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: sailoperator operators.operatorframework.io.bundle.channels.v1: "dev-0.3" - operators.operatorframework.io.metrics.builder: operator-sdk-v1.38.0 + operators.operatorframework.io.metrics.builder: operator-sdk-v1.39.1 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 diff --git a/bundle/tests/scorecard/config.yaml b/bundle/tests/scorecard/config.yaml index cf5c4335e..397065cd7 100644 --- a/bundle/tests/scorecard/config.yaml +++ b/bundle/tests/scorecard/config.yaml @@ -8,7 +8,7 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: basic test: basic-check-spec-test @@ -18,7 +18,7 @@ stages: - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-bundle-validation-test @@ -28,7 +28,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-crds-have-validation-test 
@@ -38,7 +38,7 @@ stages: - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-spec-descriptors-test @@ -48,7 +48,7 @@ stages: - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-status-descriptors-test diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 36d5d3c86..d1c0f19be 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: istiocnis.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 76a8eddee..7159800b1 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: istiorevisions.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_istiorevisiontags.yaml b/chart/crds/sailoperator.io_istiorevisiontags.yaml index 3c4866eb1..716291003 100644 --- a/chart/crds/sailoperator.io_istiorevisiontags.yaml +++ b/chart/crds/sailoperator.io_istiorevisiontags.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: istiorevisiontags.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 3b02d14bd..b11d8b6af 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: istios.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 827970906..08aec9aef 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: ztunnels.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/security.istio.io_authorizationpolicies.yaml b/chart/crds/security.istio.io_authorizationpolicies.yaml index 734288200..1f474c458 100644 --- a/chart/crds/security.istio.io_authorizationpolicies.yaml +++ b/chart/crds/security.istio.io_authorizationpolicies.yaml @@ -116,6 +116,13 @@ spec: items: type: string type: array + notServiceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array principals: description: Optional. items: 
@@ -131,8 +138,22 @@ spec: items: type: string type: array + serviceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array type: object + x-kubernetes-validations: + - message: Cannot set serviceAccounts with namespaces + or principals + rule: |- + (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && + !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object + maxItems: 512 type: array to: description: Optional. @@ -206,6 +227,7 @@ spec: type: object type: array type: object + maxItems: 512 type: array selector: description: Optional. @@ -476,6 +498,13 @@ spec: items: type: string type: array + notServiceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array principals: description: Optional. items: @@ -491,8 +520,22 @@ spec: items: type: string type: array + serviceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array type: object + x-kubernetes-validations: + - message: Cannot set serviceAccounts with namespaces + or principals + rule: |- + (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && + !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object + maxItems: 512 type: array to: description: Optional. @@ -566,6 +609,7 @@ spec: type: object type: array type: object + maxItems: 512 type: array selector: description: Optional. diff --git a/chart/templates/olm/scorecard.yaml b/chart/templates/olm/scorecard.yaml index 82c508161..d837da890 100644 --- a/chart/templates/olm/scorecard.yaml +++ b/chart/templates/olm/scorecard.yaml @@ -9,7 +9,7 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: basic test: basic-check-spec-test 
@@ -19,7 +19,7 @@ stages: - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-bundle-validation-test @@ -29,7 +29,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-crds-have-validation-test @@ -39,7 +39,7 @@ stages: - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-spec-descriptors-test @@ -49,7 +49,7 @@ stages: - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.39.1 labels: suite: olm test: olm-status-descriptors-test diff --git a/chart/values.yaml b/chart/values.yaml index b47ee2b4f..6db345126 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -28,7 +28,7 @@ csv: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (d547b858) + - latest (0c5460ee) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index 3df74a12e..50e784064 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -ad4552bfdc5ead45c5d8084e4bf254b788090603 +09704d7c4b708d76ef91b1a1b091679a37def6bf diff --git a/common/config/license-lint.yml b/common/config/license-lint.yml index ef4859462..8743adf16 100644 --- a/common/config/license-lint.yml +++ b/common/config/license-lint.yml 
@@ -125,4 +125,18 @@ allowlisted_modules: # Simplified BSD (BSD-2-Clause): https://github.com/russross/blackfriday/blob/master/LICENSE.txt - github.com/russross/blackfriday -- github.com/russross/blackfriday/v2 \ No newline at end of file +- github.com/russross/blackfriday/v2 + +# W3C Test Suite License, W3C 3-clause BSD License +# gonum uses this for its some of its test files +# gonum.org/v1/gonum/graph/formats/rdf/testdata/LICENSE.md +- gonum.org/v1/gonum + +# BSD 3-clause: https://github.com/go-inf/inf/blob/v0.9.1/LICENSE +- gopkg.in/inf.v0 + +# BSD 3-clause: https://github.com/go-git/gcfg/blob/main/LICENSE +- github.com/go-git/gcfg + +# Apache 2.0 +- github.com/aws/smithy-go diff --git a/common/scripts/kind_provisioner.sh b/common/scripts/kind_provisioner.sh index 4650ba5c5..6a49dcc40 100644 --- a/common/scripts/kind_provisioner.sh +++ b/common/scripts/kind_provisioner.sh @@ -35,7 +35,7 @@ set -x DEFAULT_KIND_IMAGE="gcr.io/istio-testing/kind-node:v1.32.0" # the default kind cluster should be ipv4 if not otherwise specified -IP_FAMILY="${IP_FAMILY:-ipv4}" +KIND_IP_FAMILY="${KIND_IP_FAMILY:-ipv4}" # COMMON_SCRIPTS contains the directory this file is in. COMMON_SCRIPTS=$(dirname "${BASH_SOURCE:-$0}") @@ -147,7 +147,7 @@ function setup_kind_cluster_retry() { # 1. NAME: Name of the Kind cluster (optional) # 2. IMAGE: Node image used by KinD (optional) # 3. CONFIG: KinD cluster configuration YAML file. If not specified then DEFAULT_CLUSTER_YAML is used -# 4. NOMETALBINSTALL: Dont install matllb if set. +# 4. NOMETALBINSTALL: Dont install metalb if set. # This function returns 0 when everything goes well, or 1 otherwise # If Kind cluster was already created then it would be cleaned up in case of errors function setup_kind_cluster() { 
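Review bot: The new `gonum.org/v1/gonum` entry exempts the whole module from the license check, although its own comment says the W3C license only covers test files under graph/formats/rdf/testdata. The entries carry no version, so, assuming the linter matches on module path alone, a later relicensing of any of the four added modules would pass unnoticed; a periodic re-check of these entries would cover that. The comment also reads `gonum uses this for its some of its test files`; I would write `# gonum uses this license for some of its test files`, and give the `github.com/aws/smithy-go` entry a LICENSE link like the entries above it.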
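Review bot: Any caller that still exports `IP_FAMILY` gets no warning after this rename in the -35 hunk of kind_provisioner.sh: the default on the changed line falls straight through to `ipv4`, so an IPv6 or dual-stack job would silently run on an IPv4 cluster and its network tests would pass without exercising the intended stack. A transitional fallback keeps old callers working, `KIND_IP_FAMILY="${KIND_IP_FAMILY:-${IP_FAMILY:-ipv4}}"`. The rename continues in the hunks at -186, -230 and -267 of this file. In the -147 hunk the corrected comment now says `metalb`; the project name is MetalLB.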
@@ -186,7 +186,7 @@ function setup_kind_cluster() { # Create KinD cluster if ! (yq eval "${CONFIG}" --expression ".networking.disableDefaultCNI = ${KIND_DISABLE_CNI}" \ - --expression ".networking.ipFamily = \"${IP_FAMILY}\"" | \ + --expression ".networking.ipFamily = \"${KIND_IP_FAMILY}\"" | \ kind create cluster --name="${NAME}" -v4 --retain --image "${IMAGE}" ${KIND_WAIT_FLAG:+"$KIND_WAIT_FLAG"} --config -); then echo "Could not setup KinD environment. Something wrong with KinD setup. Exporting logs." return 9 @@ -230,7 +230,7 @@ function setup_kind_cluster() { # https://github.com/coredns/coredns/issues/2494#issuecomment-457215452 # CoreDNS should handle those domains and answer with NXDOMAIN instead of SERVFAIL # otherwise pods stops trying to resolve the domain. - if [ "${IP_FAMILY}" = "ipv6" ] || [ "${IP_FAMILY}" = "dual" ]; then + if [ "${KIND_IP_FAMILY}" = "ipv6" ] || [ "${KIND_IP_FAMILY}" = "dual" ]; then # Get the current config original_coredns=$(kubectl get -oyaml -n=kube-system configmap/coredns) echo "Original CoreDNS config:" @@ -267,14 +267,14 @@ function cleanup_kind_clusters() { # setup_kind_clusters sets up a given number of kind clusters with given topology # as specified in cluster topology configuration file. # 1. IMAGE = docker image used as node by KinD -# 2. IP_FAMILY = either ipv4 or ipv6 +# 2. KIND_IP_FAMILY = either ipv4 or ipv6 or dual # # NOTE: Please call load_cluster_topology before calling this method as it expects # cluster topology information to be loaded in advance function setup_kind_clusters() { IMAGE="${1:-"${DEFAULT_KIND_IMAGE}"}" KUBECONFIG_DIR="${ARTIFACTS:-$(mktemp -d)}/kubeconfig" - IP_FAMILY="${2:-ipv4}" + KIND_IP_FAMILY="${2:-ipv4}" check_default_cluster_yaml diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 82ab62499..0dcf0ce13 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh 
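Review bot: `KIND_IP_FAMILY` is spliced into the yq expression `.networking.ipFamily = \"${KIND_IP_FAMILY}\"` in the -186 hunk without being checked, and it comes from the environment or, in setup_kind_clusters, from `$2`. The comment in the -267 hunk names the accepted values, so I would reject anything else before the cluster is created: `case "${KIND_IP_FAMILY}" in ipv4|ipv6|dual) ;; *) echo "unsupported KIND_IP_FAMILY: ${KIND_IP_FAMILY}" >&2; return 1 ;; esac`. That turns a typo into an immediate error instead of a malformed kind config, and keeps the value from altering the expression. Both functions start and end outside these hunks.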
@@ -75,7 +75,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-0b8e6b9676d328fbeb28a23b8d1134dcc56d98ec + IMAGE_VERSION=master-e02796cba1a2e48e50a8d09c60f9c6140b8a41ba fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/go.mod b/go.mod index 0cc6605f8..602e0afb5 100644 --- a/go.mod +++ b/go.mod @@ -25,8 +25,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.3 - istio.io/client-go v1.24.0-alpha.0.0.20241218215832-3daa0126820b - istio.io/istio v0.0.0-20241219014932-d547b8580cf6 + istio.io/client-go v1.24.0-alpha.0.0.20250103213757-fb95213c2bc2 + istio.io/istio v0.0.0-20250119170654-0c5460eeba8a k8s.io/api v0.32.0 k8s.io/apiextensions-apiserver v0.32.0 k8s.io/apimachinery v0.32.0 @@ -152,7 +152,7 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect @@ -167,7 +167,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gotest.tools/v3 v3.5.1 // indirect - istio.io/api v1.24.0-alpha.0.0.20241218215532-27d505cbdb11 // indirect + istio.io/api v1.24.0-alpha.0.0.20250103213058-f293e9c39285 // indirect k8s.io/apiserver v0.32.0 // indirect k8s.io/component-base v0.32.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index 13fa41fe8..c1c5b0b23 100644 --- a/go.sum +++ b/go.sum 
@@ -421,8 +421,8 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -494,12 +494,12 @@ gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= -istio.io/api v1.24.0-alpha.0.0.20241218215532-27d505cbdb11 h1:AlkTHCbrikiyS6Pz4Qke8+yXEOpgpC8kRMBaBClAIpg= -istio.io/api v1.24.0-alpha.0.0.20241218215532-27d505cbdb11/go.mod h1:QFzEXv/IT582T0FHZVp1QoolvE4ws0zz/vVO55blmlE= -istio.io/client-go v1.24.0-alpha.0.0.20241218215832-3daa0126820b h1:c8USLMmfK3eOUbQ4ut9nT4fnX48nx4mUc7q2AMu5Ppo= -istio.io/client-go v1.24.0-alpha.0.0.20241218215832-3daa0126820b/go.mod h1:SETUIw6SAGTLesSeed9N0SbW+72RoYB1J9LHuWgpMkQ= -istio.io/istio v0.0.0-20241219014932-d547b8580cf6 h1:HN+KGGjBUnAY/oAcuAJgZITuwIajFZdPYyxyefozmyg= -istio.io/istio v0.0.0-20241219014932-d547b8580cf6/go.mod h1:TiOIr/B86DoFGpimy1QGCrQbCT4XCJIbZ9fvs1mZ7AU= +istio.io/api v1.24.0-alpha.0.0.20250103213058-f293e9c39285 h1:HMEJDYg8lxp2g/I7oHZPX91DkbYlHKYBJ+hm76U6Q24= +istio.io/api v1.24.0-alpha.0.0.20250103213058-f293e9c39285/go.mod h1:QFzEXv/IT582T0FHZVp1QoolvE4ws0zz/vVO55blmlE= +istio.io/client-go v1.24.0-alpha.0.0.20250103213757-fb95213c2bc2 h1:egds+0nRCW+ACMq0Zj+mQ7rdZFiuJWhduL+JF847Njc= +istio.io/client-go v1.24.0-alpha.0.0.20250103213757-fb95213c2bc2/go.mod h1:SxwtgVDTEray23wIAmsXnzpXiKckYH3G+TISxorESUo= +istio.io/istio v0.0.0-20250119170654-0c5460eeba8a h1:BqG/1o4UwlI5nh5vMHpT3EyY9+OHf4N2fjKWoImnOSg= +istio.io/istio v0.0.0-20250119170654-0c5460eeba8a/go.mod h1:gwxuNcyDdTWkypGK2J6ENSeGrNfIzWBsxGLsm5MHpRA= k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= 
diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml index 360100c65..dacbbb404 100644 --- a/resources/latest/charts/base/Chart.yaml +++ b/resources/latest/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 diff --git a/resources/latest/charts/base/files/crd-all.gen.yaml b/resources/latest/charts/base/files/crd-all.gen.yaml index 5360fe804..fe8bc7d21 100644 --- a/resources/latest/charts/base/files/crd-all.gen.yaml +++ b/resources/latest/charts/base/files/crd-all.gen.yaml @@ -14717,6 +14717,13 @@ spec: items: type: string type: array + notServiceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array principals: description: Optional. items: @@ -14732,8 +14739,22 @@ spec: items: type: string type: array + serviceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array type: object + x-kubernetes-validations: + - message: Cannot set serviceAccounts with namespaces + or principals + rule: |- + (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && + !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object + maxItems: 512 type: array to: description: Optional. @@ -14807,6 +14828,7 @@ spec: type: object type: array type: object + maxItems: 512 type: array selector: description: Optional. 
@@ -15077,6 +15099,13 @@ spec: items: type: string type: array + notServiceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array principals: description: Optional. items: @@ -15092,8 +15121,22 @@ spec: items: type: string type: array + serviceAccounts: + description: Optional. + items: + maxLength: 320 + type: string + maxItems: 16 + type: array type: object + x-kubernetes-validations: + - message: Cannot set serviceAccounts with namespaces + or principals + rule: |- + (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && + !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object + maxItems: 512 type: array to: description: Optional. @@ -15167,6 +15210,7 @@ spec: type: object type: array type: object + maxItems: 512 type: array selector: description: Optional. diff --git a/resources/latest/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/latest/charts/base/files/profile-compatibility-version-1.24.yaml index 2704a7d95..cd989a73c 100644 --- a/resources/latest/charts/base/files/profile-compatibility-version-1.24.yaml +++ b/resources/latest/charts/base/files/profile-compatibility-version-1.24.yaml @@ -6,3 +6,6 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" +cni: + ambient: + dnsCapture: false diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml index 7dff03064..4a475d5cd 100644 --- a/resources/latest/charts/cni/Chart.yaml +++ b/resources/latest/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: 
@@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 diff --git a/resources/latest/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/latest/charts/cni/files/profile-compatibility-version-1.24.yaml index 2704a7d95..cd989a73c 100644 --- a/resources/latest/charts/cni/files/profile-compatibility-version-1.24.yaml +++ b/resources/latest/charts/cni/files/profile-compatibility-version-1.24.yaml @@ -6,3 +6,6 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" +cni: + ambient: + dnsCapture: false diff --git a/resources/latest/charts/cni/templates/clusterrole.yaml b/resources/latest/charts/cni/templates/clusterrole.yaml index bd9ba7fdf..a51cd782f 100644 --- a/resources/latest/charts/cni/templates/clusterrole.yaml +++ b/resources/latest/charts/cni/templates/clusterrole.yaml @@ -18,7 +18,7 @@ rules: - apiGroups: [""] resources: ["pods","nodes","namespaces"] verbs: ["get", "list", "watch"] -{{- if (eq (coalesce .Values.platform .Values.global.platform) "openshift") }} +{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} - apiGroups: ["security.openshift.io"] resources: ["securitycontextconstraints"] resourceNames: ["privileged"] diff --git a/resources/latest/charts/cni/templates/configmap-cni.yaml b/resources/latest/charts/cni/templates/configmap-cni.yaml index 39a09fb69..2c2bfe57f 100644 --- a/resources/latest/charts/cni/templates/configmap-cni.yaml +++ b/resources/latest/charts/cni/templates/configmap-cni.yaml 
@@ -16,6 +16,7 @@ data: AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | default "false" | quote }} AMBIENT_IPV6: {{ .Values.ambient.ipv6 | default "false" | quote }} + AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | default "false" | quote }} {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. {{- end }} diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml index bbcd96e2d..12f84c0f3 100644 --- a/resources/latest/charts/cni/values.yaml +++ b/resources/latest/charts/cni/values.yaml @@ -48,9 +48,11 @@ _internal_defaults_do_not_set: # Set ambient config dir path: defaults to /etc/ambient-config configDir: "" # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: false + dnsCapture: true # If enabled, and ambient is enabled, enables ipv6 support ipv6: true + # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. + reconcileIptablesOnStartup: false repair: @@ -113,7 +115,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml index 2f5888196..1f63585d6 100644 --- a/resources/latest/charts/gateway/Chart.yaml +++ b/resources/latest/charts/gateway/Chart.yaml 
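Review bot: The `default "false"` fallback on the `AMBIENT_DNS_CAPTURE` line in configmap-cni.yaml no longer agrees with the chart default, which the values.yaml hunk further along this line flips to `dnsCapture: true`. When the value is absent or nulled out, the ConfigMap still renders "false", and the fallback cannot simply be changed to "true" because `default` treats a boolean false as empty and would then override an explicit opt-out. I would document this next to the template line, e.g. `# falls back to "false" when ambient.dnsCapture is unset; the chart default (true) comes from values.yaml`, and say in the values.yaml comment that DNS redirection is now on by default for ambient installs. The added key also pairs `reconcileIptablesOnStartup` with the env name `AMBIENT_RECONCILE_POD_RULES_ON_STARTUP`; a one-line comment tying the two names together would save a search later.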
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 diff --git a/resources/latest/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/latest/charts/gateway/files/profile-compatibility-version-1.24.yaml index 2704a7d95..cd989a73c 100644 --- a/resources/latest/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ b/resources/latest/charts/gateway/files/profile-compatibility-version-1.24.yaml @@ -6,3 +6,6 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" +cni: + ambient: + dnsCapture: false diff --git a/resources/latest/charts/gateway/templates/deployment.yaml b/resources/latest/charts/gateway/templates/deployment.yaml index e9bfbbd36..9db59d8b9 100644 --- a/resources/latest/charts/gateway/templates/deployment.yaml +++ b/resources/latest/charts/gateway/templates/deployment.yaml @@ -77,7 +77,7 @@ spec: allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: true - {{- if not (eq .Values.platform "openshift") }} + {{- if not (eq (.Values.platform | default "") "openshift") }} runAsUser: 1337 runAsGroup: 1337 {{- end }} diff --git a/resources/latest/charts/gateway/templates/zzz_profile.yaml b/resources/latest/charts/gateway/templates/zzz_profile.yaml index 9c2119b9a..ded66c5fd 100644 --- a/resources/latest/charts/gateway/templates/zzz_profile.yaml +++ b/resources/latest/charts/gateway/templates/zzz_profile.yaml 
@@ -49,7 +49,7 @@ Finally, we can set all of that under .Values so the chart behaves without aware {{- $a := mustMergeOverwrite $defaults $profile }} {{- end }} # Flatten globals, if defined on a per-chart basis -{{- if false }} +{{- if true }} {{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} {{- end }} {{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml index 3e0c4d7e3..a43c45be5 100644 --- a/resources/latest/charts/istiod/Chart.yaml +++ b/resources/latest/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 diff --git a/resources/latest/charts/istiod/files/injection-template.yaml b/resources/latest/charts/istiod/files/injection-template.yaml index 93eafdacd..3b3f69cd9 100644 --- a/resources/latest/charts/istiod/files/injection-template.yaml +++ b/resources/latest/charts/istiod/files/injection-template.yaml 
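Review bot: `$profile.global` is passed to `mustMergeOverwrite` without a fallback on the line this change makes live, while `$.Values.global` right next to it gets `| default dict`. `$profile` is defined outside this hunk, so whether a profile without a `global` key can reach this line cannot be confirmed here; writing the operand as `($profile.global | default dict)` would make the two uniform and remove the question. The literal `{{- if true }}` also reads like leftover scaffolding, so a short template comment on why the branch is unconditional for this chart would help the next reader.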
@@ -52,7 +52,7 @@ metadata: sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}traffic.sidecar.istio.io/includeInboundPorts: "{{.}}",{{ end }} + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", diff --git a/resources/latest/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/latest/charts/istiod/files/profile-compatibility-version-1.24.yaml index 2704a7d95..cd989a73c 100644 --- a/resources/latest/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ b/resources/latest/charts/istiod/files/profile-compatibility-version-1.24.yaml @@ -6,3 +6,6 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" +cni: + ambient: + dnsCapture: false 
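Review bot: The `traffic.sidecar.istio.io/includeInboundPorts` annotation is now written even when both the pod annotation and `.Values.global.proxy.includeInboundPorts` are empty, so it can render as `""` where the removed `with` guard used to omit the key. If an empty value is read downstream as "redirect no inbound ports" (not visible in this hunk), clearing that setting would keep inbound traffic out of the sidecar and therefore away from its inbound policy checks. The `includeOutboundPorts` line just below still keeps its `isset`/non-empty guard, so the two annotations now behave differently on empty input. A template comment stating the intended meaning of an empty value, plus a rendering test for the empty case, would make the change explicit; the surrounding template starts and ends outside the hunk.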
diff --git a/resources/latest/charts/istiod/templates/remote-istiod-service.yaml b/resources/latest/charts/istiod/templates/remote-istiod-service.yaml index 220277dc0..d3f872f74 100644 --- a/resources/latest/charts/istiod/templates/remote-istiod-service.yaml +++ b/resources/latest/charts/istiod/templates/remote-istiod-service.yaml @@ -1,5 +1,5 @@ # This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} +{{- if .Values.global.remotePilotAddress }} apiVersion: v1 kind: Service metadata: diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml index f359aa8ec..4cdc0f7a0 100644 --- a/resources/latest/charts/istiod/values.yaml +++ b/resources/latest/charts/istiod/values.yaml @@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml index 2704a7d95..cd989a73c 100644 --- a/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ b/resources/latest/charts/revisiontags/files/profile-compatibility-version-1.24.yaml @@ -6,3 +6,6 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" +cni: + ambient: + dnsCapture: false diff --git a/resources/latest/charts/revisiontags/values.yaml b/resources/latest/charts/revisiontags/values.yaml index f359aa8ec..4cdc0f7a0 100644 --- a/resources/latest/charts/revisiontags/values.yaml +++ b/resources/latest/charts/revisiontags/values.yaml 
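Review bot: The header comment `# This file is only used for remote istiod installs.` no longer describes the guard, which now renders the Service whenever `.Values.global.remotePilotAddress` is non-empty instead of when `.Values.istiodRemote.enabled` is set. I would reword it to something like `# Rendered only when global.remotePilotAddress is set.` so the gate is readable without opening the values file. It is also worth confirming that installs which set `istiodRemote.enabled` without an address are not expected to get this Service any more; the Service body continues outside the hunk.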
@@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml index 387b012f2..d4d772082 100644 --- a/resources/latest/charts/ztunnel/Chart.yaml +++ b/resources/latest/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 diff --git a/resources/latest/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/latest/charts/ztunnel/files/profile-compatibility-version-1.24.yaml index 2704a7d95..cd989a73c 100644 --- a/resources/latest/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ b/resources/latest/charts/ztunnel/files/profile-compatibility-version-1.24.yaml @@ -6,3 +6,6 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" +cni: + ambient: + dnsCapture: false diff --git a/resources/latest/charts/ztunnel/templates/rbac.yaml b/resources/latest/charts/ztunnel/templates/rbac.yaml index 21b0e8de3..3b90cf5af 100644 --- a/resources/latest/charts/ztunnel/templates/rbac.yaml +++ b/resources/latest/charts/ztunnel/templates/rbac.yaml 
@@ -21,7 +21,7 @@ metadata: {{- .Values.annotations | toYaml | nindent 4 }} {{- end }} --- -{{- if (eq .Values.platform "openshift") }} +{{- if (eq (.Values.platform | default "") "openshift") }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml index 5c8b9bd67..d7071b780 100644 --- a/resources/latest/charts/ztunnel/values.yaml +++ b/resources/latest/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/versions.yaml b/versions.yaml index 4dbc419ff..2fc8eeca5 100644 --- a/versions.yaml +++ b/versions.yaml 
@@ -115,13 +115,13 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.21.6.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.21.6.tgz - name: latest - version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + version: 1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526 repo: https://github.com/istio/istio branch: master - commit: d547b8580cf6298e15ba732823b2e027071516ea + commit: 0c5460eeba8a26a49d4041187406e26a2d2c3526 charts: - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/base-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/cni-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/gateway-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/istiod-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/ztunnel-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526/helm/base-1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526/helm/cni-1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526/helm/gateway-1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526.tgz + - 
https://storage.googleapis.com/istio-build/dev/1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526/helm/istiod-1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526/helm/ztunnel-1.25-alpha.0c5460eeba8a26a49d4041187406e26a2d2c3526.tgz