Skip to content

Sync min tls version from TLSConfig to Istio#1859

Merged
istio-testing merged 2 commits into
istio-ecosystem:mainfrom
nrfox:add-tls-min-version
Apr 21, 2026
Merged

Sync min tls version from TLSConfig to Istio#1859
istio-testing merged 2 commits into
istio-ecosystem:mainfrom
nrfox:add-tls-min-version

Conversation

@nrfox
Copy link
Copy Markdown
Contributor

@nrfox nrfox commented Apr 21, 2026

Sync min tls version from APIServer config to Istio resources.

What type of PR is this?

  • Enhancement / New Feature
  • Bug Fix
  • Refactor
  • Optimization
  • Test
  • Documentation Update

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Related Issue/PR #

Additional information:

@nrfox
Sync min tls version flag to Istio
81af44a 
Sync min tls version from APIServer config to Istio resources.

Signed-off-by: Nick Fox <nfox@redhat.com>
@nrfox nrfox requested a review from a team as a code owner April 21, 2026 14:25
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 21, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 93.54839% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.71%. Comparing base (1b879c5) to head (96beb34).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
pkg/istiovalues/tls.go 93.10% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1859      +/-   ##
==========================================
+ Coverage   80.57%   80.71%   +0.13%     
==========================================
  Files          51       51              
  Lines        2569     2598      +29     
==========================================
+ Hits         2070     2097      +27     
- Misses        379      380       +1     
- Partials      120      121       +1
Flag Coverage Δ
integration-tests 71.64% <45.16%> (-0.39%) ⬇️
unit-tests 52.30% <93.54%> (+0.46%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dgn
dgn reviewed Apr 21, 2026
View reviewed changes
Comment thread pkg/istiovalues/tls.go Outdated
@nrfox
Log for unsupported versions
96beb34 
Added logging when we skip adding the min version flag because the version is unsupported.

Signed-off-by: Nick Fox <nfox@redhat.com>
@istio-testing istio-testing merged commit baf51c5 into istio-ecosystem:main Apr 21, 2026
17 checks passed
@nrfox nrfox deleted the add-tls-min-version branch April 21, 2026 17:45
openshift-service-mesh-bot pushed a commit to openshift-service-mesh-bot/sail-operator that referenced this pull request Apr 22, 2026
Automated merge
d8f8eea 
* upstream/main: (26 commits)
  Sync min tls version from `TLSConfig` to `Istio` (istio-ecosystem#1859)
  Fix serves metrics securely test (istio-ecosystem#1860)
  refactor: vendor kubernetes manifests into the repo (istio-ecosystem#1853)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1856)
  Modify "download-charts" script for alpha/beta releases (istio-ecosystem#1852)
  Add operator `TLSConfig` and sync with APIServer TLS profile on openshift (istio-ecosystem#1513)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1851)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1850)
  Add documentation for resource customization (istio-ecosystem#1292)
  refactor error and status condition handling (istio-ecosystem#1807)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1848)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1845)
  feat: add targetRef field to ZTunnel CRD (istio-ecosystem#1259)
  Add 1.29.2 and 1.28.6 versions (istio-ecosystem#1844)
  Use typed Go structs for FIPS values instead of helm.Values (istio-ecosystem#1695)
  Add helm.sh/helm/v3 to license allowlist alongside v4 (istio-ecosystem#1840)
  Update getLatestVersionByPrefix helm to v4 on update_deps.sh (istio-ecosystem#1833)
  Update kustomization files with registry.istio.io (istio-ecosystem#1829)
  Improve testing images tags for OLM and Operator images (istio-ecosystem#1819)
  Automator: Update EOL Istio versions in istio-ecosystem/sail-operator@main (istio-ecosystem#1821)
  ...
openshift-service-mesh-bot pushed a commit to openshift-service-mesh-bot/sail-operator that referenced this pull request Apr 23, 2026
Automated merge
817640f 
* upstream/main: (27 commits)
  Using crane instead of skopeo which is not available in the build-tools (istio-ecosystem#1870)
  Sync min tls version from `TLSConfig` to `Istio` (istio-ecosystem#1859)
  Fix serves metrics securely test (istio-ecosystem#1860)
  refactor: vendor kubernetes manifests into the repo (istio-ecosystem#1853)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1856)
  Modify "download-charts" script for alpha/beta releases (istio-ecosystem#1852)
  Add operator `TLSConfig` and sync with APIServer TLS profile on openshift (istio-ecosystem#1513)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1851)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1850)
  Add documentation for resource customization (istio-ecosystem#1292)
  refactor error and status condition handling (istio-ecosystem#1807)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1848)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1845)
  feat: add targetRef field to ZTunnel CRD (istio-ecosystem#1259)
  Add 1.29.2 and 1.28.6 versions (istio-ecosystem#1844)
  Use typed Go structs for FIPS values instead of helm.Values (istio-ecosystem#1695)
  Add helm.sh/helm/v3 to license allowlist alongside v4 (istio-ecosystem#1840)
  Update getLatestVersionByPrefix helm to v4 on update_deps.sh (istio-ecosystem#1833)
  Update kustomization files with registry.istio.io (istio-ecosystem#1829)
  Improve testing images tags for OLM and Operator images (istio-ecosystem#1819)
  ...
openshift-service-mesh-bot pushed a commit to openshift-service-mesh-bot/sail-operator that referenced this pull request Apr 24, 2026
Automated merge
7a61251 
* upstream/main: (31 commits)
  Update update-deps flow with 1.30 and remove 1.27 branch (istio-ecosystem#1875)
  tests: Skip TLS profile change test when is executed on Hosted clusters (istio-ecosystem#1873)
  Add 1.30.0-alpha.2 charts (istio-ecosystem#1854)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1872)
  Using crane instead of skopeo which is not available in the build-tools (istio-ecosystem#1870)
  Sync min tls version from `TLSConfig` to `Istio` (istio-ecosystem#1859)
  Fix serves metrics securely test (istio-ecosystem#1860)
  refactor: vendor kubernetes manifests into the repo (istio-ecosystem#1853)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1856)
  Modify "download-charts" script for alpha/beta releases (istio-ecosystem#1852)
  Add operator `TLSConfig` and sync with APIServer TLS profile on openshift (istio-ecosystem#1513)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1851)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1850)
  Add documentation for resource customization (istio-ecosystem#1292)
  refactor error and status condition handling (istio-ecosystem#1807)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1848)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1845)
  feat: add targetRef field to ZTunnel CRD (istio-ecosystem#1259)
  Add 1.29.2 and 1.28.6 versions (istio-ecosystem#1844)
  Use typed Go structs for FIPS values instead of helm.Values (istio-ecosystem#1695)
  ...
openshift-service-mesh-bot pushed a commit to openshift-service-mesh-bot/sail-operator that referenced this pull request Apr 27, 2026
Automated merge
4d95957 
* upstream/main: (35 commits)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1886)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1884)
  Fixing two problems with our hack/update-istio.sh script (istio-ecosystem#1882)
  test: Modify await_operator to dinamically get deployment name from csv when OLM is true (istio-ecosystem#1874)
  Update update-deps flow with 1.30 and remove 1.27 branch (istio-ecosystem#1875)
  tests: Skip TLS profile change test when is executed on Hosted clusters (istio-ecosystem#1873)
  Add 1.30.0-alpha.2 charts (istio-ecosystem#1854)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1872)
  Using crane instead of skopeo which is not available in the build-tools (istio-ecosystem#1870)
  Sync min tls version from `TLSConfig` to `Istio` (istio-ecosystem#1859)
  Fix serves metrics securely test (istio-ecosystem#1860)
  refactor: vendor kubernetes manifests into the repo (istio-ecosystem#1853)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1856)
  Modify "download-charts" script for alpha/beta releases (istio-ecosystem#1852)
  Add operator `TLSConfig` and sync with APIServer TLS profile on openshift (istio-ecosystem#1513)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1851)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1850)
  Add documentation for resource customization (istio-ecosystem#1292)
  refactor error and status condition handling (istio-ecosystem#1807)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1848)
  ...
openshift-service-mesh-bot pushed a commit to openshift-service-mesh-bot/sail-operator that referenced this pull request Apr 30, 2026
Automated merge
0fe6bbb 
* upstream/main: (39 commits)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1896)
  Fix test docs test failure (istio-ecosystem#1890)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1892)
  Skip processing aliases referencing pre-released versions in EOL updater (istio-ecosystem#1883)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1886)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1884)
  Fixing two problems with our hack/update-istio.sh script (istio-ecosystem#1882)
  test: Modify await_operator to dinamically get deployment name from csv when OLM is true (istio-ecosystem#1874)
  Update update-deps flow with 1.30 and remove 1.27 branch (istio-ecosystem#1875)
  tests: Skip TLS profile change test when is executed on Hosted clusters (istio-ecosystem#1873)
  Add 1.30.0-alpha.2 charts (istio-ecosystem#1854)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1872)
  Using crane instead of skopeo which is not available in the build-tools (istio-ecosystem#1870)
  Sync min tls version from `TLSConfig` to `Istio` (istio-ecosystem#1859)
  Fix serves metrics securely test (istio-ecosystem#1860)
  refactor: vendor kubernetes manifests into the repo (istio-ecosystem#1853)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1856)
  Modify "download-charts" script for alpha/beta releases (istio-ecosystem#1852)
  Add operator `TLSConfig` and sync with APIServer TLS profile on openshift (istio-ecosystem#1513)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1851)
  ...
openshift-service-mesh-bot pushed a commit to openshift-service-mesh-bot/sail-operator that referenced this pull request May 1, 2026
Automated merge
2a5107d 
* upstream/main: (41 commits)
  fix: handle repos with different release branch naming in crd-schema-checker (istio-ecosystem#1897)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1899)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1896)
  Fix test docs test failure (istio-ecosystem#1890)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1892)
  Skip processing aliases referencing pre-released versions in EOL updater (istio-ecosystem#1883)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1886)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1884)
  Fixing two problems with our hack/update-istio.sh script (istio-ecosystem#1882)
  test: Modify await_operator to dinamically get deployment name from csv when OLM is true (istio-ecosystem#1874)
  Update update-deps flow with 1.30 and remove 1.27 branch (istio-ecosystem#1875)
  tests: Skip TLS profile change test when is executed on Hosted clusters (istio-ecosystem#1873)
  Add 1.30.0-alpha.2 charts (istio-ecosystem#1854)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1872)
  Using crane instead of skopeo which is not available in the build-tools (istio-ecosystem#1870)
  Sync min tls version from `TLSConfig` to `Istio` (istio-ecosystem#1859)
  Fix serves metrics securely test (istio-ecosystem#1860)
  refactor: vendor kubernetes manifests into the repo (istio-ecosystem#1853)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1856)
  Modify "download-charts" script for alpha/beta releases (istio-ecosystem#1852)
  ...
openshift-service-mesh-bot pushed a commit to openshift-service-mesh-bot/sail-operator that referenced this pull request May 4, 2026
Automated merge
a85c0a1 
* upstream/main: (41 commits)
  fix: handle repos with different release branch naming in crd-schema-checker (istio-ecosystem#1897)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1899)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1896)
  Fix test docs test failure (istio-ecosystem#1890)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1892)
  Skip processing aliases referencing pre-released versions in EOL updater (istio-ecosystem#1883)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1886)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1884)
  Fixing two problems with our hack/update-istio.sh script (istio-ecosystem#1882)
  test: Modify await_operator to dinamically get deployment name from csv when OLM is true (istio-ecosystem#1874)
  Update update-deps flow with 1.30 and remove 1.27 branch (istio-ecosystem#1875)
  tests: Skip TLS profile change test when is executed on Hosted clusters (istio-ecosystem#1873)
  Add 1.30.0-alpha.2 charts (istio-ecosystem#1854)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1872)
  Using crane instead of skopeo which is not available in the build-tools (istio-ecosystem#1870)
  Sync min tls version from `TLSConfig` to `Istio` (istio-ecosystem#1859)
  Fix serves metrics securely test (istio-ecosystem#1860)
  refactor: vendor kubernetes manifests into the repo (istio-ecosystem#1853)
  Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1856)
  Modify "download-charts" script for alpha/beta releases (istio-ecosystem#1852)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgn dgn dgn approved these changes

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nrfox @dgn @istio-testing