diff --git a/Makefile.core.mk b/Makefile.core.mk index 0a593a9f2..71098d20b 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -486,11 +486,11 @@ ISTIOCTL ?= $(LOCALBIN)/istioctl ## Tool Versions OPERATOR_SDK_VERSION ?= v1.39.1 -HELM_VERSION ?= v3.17.0 -CONTROLLER_TOOLS_VERSION ?= v0.17.1 +HELM_VERSION ?= v3.17.1 +CONTROLLER_TOOLS_VERSION ?= v0.17.2 OPM_VERSION ?= v1.50.0 OLM_VERSION ?= v0.31.0 -GITLEAKS_VERSION ?= v8.23.1 +GITLEAKS_VERSION ?= v8.24.0 ISTIOCTL_VERSION ?= 1.23.0 # GENERATE_RELATED_IMAGES defines whether `spec.relatedImages` is going to be generated or not diff --git a/api/v1/values_types.gen.go b/api/v1/values_types.gen.go index 258be3962..160113b81 100644 --- a/api/v1/values_types.gen.go +++ b/api/v1/values_types.gen.go @@ -420,7 +420,6 @@ type GlobalConfig struct { IpFamilyPolicy *string `json:"ipFamilyPolicy,omitempty"` // Specifies how waypoints are configured within Istio. Waypoint *WaypointConfig `json:"waypoint,omitempty"` // The next available key is 73 - } // Configuration for Security Token Service (STS) server. diff --git a/bundle/manifests/extensions.istio.io_wasmplugins.yaml b/bundle/manifests/extensions.istio.io_wasmplugins.yaml index cd7c2de8a..22803cb14 100644 --- a/bundle/manifests/extensions.istio.io_wasmplugins.yaml +++ b/bundle/manifests/extensions.istio.io_wasmplugins.yaml @@ -133,14 +133,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -180,9 +180,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -216,9 +215,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: @@ -237,9 +235,10 @@ spec: type: string x-kubernetes-validations: - message: url must have schema one of [http, https, file, oci] - rule: |- - isURL(self) ? (url(self).getScheme() in ["", "http", "https", "oci", "file"]) : (isURL("http://" + self) && - url("http://" + self).getScheme() in ["", "http", "https", "oci", "file"]) + rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', + ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && + url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', + ''oci'', ''file''])' verificationKey: type: string vmConfig: @@ -273,7 +272,7 @@ spec: type: object x-kubernetes-validations: - message: value may only be set when valueFrom is INLINE - rule: '(has(self.valueFrom) ? self.valueFrom : "") != "HOST" + rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST'' || !has(self.value)' maxItems: 256 type: array @@ -286,8 +285,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -307,12 +305,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -329,6 +321,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_destinationrules.yaml b/bundle/manifests/networking.istio.io_destinationrules.yaml index f90f96905..72d6ff1cc 100644 --- a/bundle/manifests/networking.istio.io_destinationrules.yaml +++ b/bundle/manifests/networking.istio.io_destinationrules.yaml @@ -1844,14 +1844,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -1877,12 +1877,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1899,6 +1893,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -3758,14 +3754,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -3791,12 +3787,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -3813,6 +3803,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -5672,14 +5664,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -5705,12 +5697,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -5727,6 +5713,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_envoyfilters.yaml b/bundle/manifests/networking.istio.io_envoyfilters.yaml index ac318e55a..14d5c6f71 100644 --- a/bundle/manifests/networking.istio.io_envoyfilters.yaml +++ b/bundle/manifests/networking.istio.io_envoyfilters.yaml @@ -302,9 +302,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array workloadSelector: @@ -317,7 +316,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -326,8 +325,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or workloadSelector can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.targetRefs) - ? 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -347,12 +345,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -369,6 +361,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_gateways.yaml b/bundle/manifests/networking.istio.io_gateways.yaml index c4d5dbd8a..c6307b2ed 100644 --- a/bundle/manifests/networking.istio.io_gateways.yaml +++ b/bundle/manifests/networking.istio.io_gateways.yaml @@ -196,12 +196,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -218,6 +212,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -429,12 +425,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -451,6 +441,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -662,12 +654,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -684,6 +670,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_proxyconfigs.yaml b/bundle/manifests/networking.istio.io_proxyconfigs.yaml index e5692807f..a9a4ab728 100644 --- a/bundle/manifests/networking.istio.io_proxyconfigs.yaml +++ b/bundle/manifests/networking.istio.io_proxyconfigs.yaml @@ -58,14 +58,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -89,12 +89,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -111,6 +105,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_serviceentries.yaml b/bundle/manifests/networking.istio.io_serviceentries.yaml index bf013b384..dab356fed 100644 --- a/bundle/manifests/networking.istio.io_serviceentries.yaml +++ b/bundle/manifests/networking.istio.io_serviceentries.yaml @@ -72,11 +72,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) - == "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : - true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -105,7 +105,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -121,7 +121,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -136,7 +136,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != "*" + rule: self != '*' maxItems: 256 minItems: 1 type: array @@ -216,7 +216,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -227,20 +227,18 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? - 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: |- - !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && - self.resolution != "STATIC" && self.resolution != "NONE") + rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) + && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution + != ''NONE''))' - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: |- - (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || - size(self.endpoints) == 1) : true + rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') + ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' status: properties: conditions: @@ -260,12 +258,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -282,6 +274,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -371,11 +365,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) - == "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : - true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -404,7 +398,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -420,7 +414,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -435,7 +429,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != "*" + rule: self != '*' maxItems: 256 minItems: 1 type: array @@ -515,7 +509,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -526,20 +520,18 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? - 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: |- - !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && - self.resolution != "STATIC" && self.resolution != "NONE") + rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) + && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution + != ''NONE''))' - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: |- - (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || - size(self.endpoints) == 1) : true + rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') + ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' status: properties: conditions: @@ -559,12 +551,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -581,6 +567,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -670,11 +658,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) - == "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : - true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -703,7 +691,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -719,7 +707,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -734,7 +722,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != "*" + rule: self != '*' maxItems: 256 minItems: 1 type: array @@ -814,7 +802,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -825,20 +813,18 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? - 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: |- - !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && - self.resolution != "STATIC" && self.resolution != "NONE") + rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) + && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution + != ''NONE''))' - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: |- - (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || - size(self.endpoints) == 1) : true + rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') + ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' status: properties: conditions: @@ -858,12 +844,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -880,6 +860,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_sidecars.yaml b/bundle/manifests/networking.istio.io_sidecars.yaml index 144cd8977..dd6b32b37 100644 --- a/bundle/manifests/networking.istio.io_sidecars.yaml +++ b/bundle/manifests/networking.istio.io_sidecars.yaml @@ -477,7 +477,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -503,12 +503,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -525,6 +519,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -1019,7 +1015,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1045,12 +1041,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1067,6 +1057,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -1561,7 +1553,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1587,12 +1579,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1609,6 +1595,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_virtualservices.yaml b/bundle/manifests/networking.istio.io_virtualservices.yaml index 30590fe26..b07b71aa1 100644 --- a/bundle/manifests/networking.istio.io_virtualservices.yaml +++ b/bundle/manifests/networking.istio.io_virtualservices.yaml @@ -1003,12 +1003,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1025,6 +1019,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -2043,12 +2039,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -2065,6 +2055,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -3083,12 +3075,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -3105,6 +3091,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_workloadentries.yaml b/bundle/manifests/networking.istio.io_workloadentries.yaml index 60ec0badd..8ff93a410 100644 --- a/bundle/manifests/networking.istio.io_workloadentries.yaml +++ b/bundle/manifests/networking.istio.io_workloadentries.yaml @@ -52,10 +52,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" - || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' labels: additionalProperties: type: string @@ -84,7 +84,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -100,8 +100,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) - : true' + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' status: properties: conditions: @@ -121,12 +121,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -143,6 +137,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -212,10 +208,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" - || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' labels: additionalProperties: type: string @@ -244,7 +240,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -260,8 +256,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) - : true' + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' status: properties: conditions: @@ -281,12 +277,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -303,6 +293,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -372,10 +364,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" - || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' labels: additionalProperties: type: string @@ -404,7 +396,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -420,8 +412,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) - : true' + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' status: properties: conditions: @@ -441,12 +433,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -463,6 +449,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/networking.istio.io_workloadgroups.yaml b/bundle/manifests/networking.istio.io_workloadgroups.yaml index 23b7e6d31..486c0e689 100644 --- a/bundle/manifests/networking.istio.io_workloadgroups.yaml +++ b/bundle/manifests/networking.istio.io_workloadgroups.yaml @@ -65,16 +65,12 @@ spec: - tcpSocket - required: - exec - - required: - - grpc - required: - httpGet - required: - tcpSocket - required: - exec - - required: - - grpc properties: exec: description: Health is determined by how the command that is executed @@ -95,21 +91,6 @@ spec: format: int32 minimum: 0 type: integer - grpc: - description: GRPC call is made and response/error is used to determine - health. - properties: - port: - description: Port on which the endpoint lives. - maximum: 4294967295 - minimum: 0 - type: integer - x-kubernetes-validations: - - message: port must be between 1-65535 - rule: 0 < self && self <= 65535 - service: - type: string - type: object httpGet: description: '`httpGet` is performed to a given endpoint and the status/able to connect determines health.' @@ -144,7 +125,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ["", "HTTP", "HTTPS"] + rule: self in ['', 'HTTP', 'HTTPS'] required: - port type: object @@ -197,10 +178,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == - "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -229,7 +211,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -243,7 +225,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' required: - template @@ -267,12 +249,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -289,6 +265,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -373,16 +351,12 @@ spec: - tcpSocket - required: - exec - - required: - - grpc - required: - httpGet - required: - tcpSocket - required: - exec - - required: - - grpc properties: exec: description: Health is determined by how the command that is executed @@ -403,21 +377,6 @@ spec: format: int32 minimum: 0 type: integer - grpc: - description: GRPC call is made and response/error is used to determine - health. - properties: - port: - description: Port on which the endpoint lives. - maximum: 4294967295 - minimum: 0 - type: integer - x-kubernetes-validations: - - message: port must be between 1-65535 - rule: 0 < self && self <= 65535 - service: - type: string - type: object httpGet: description: '`httpGet` is performed to a given endpoint and the status/able to connect determines health.' @@ -452,7 +411,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ["", "HTTP", "HTTPS"] + rule: self in ['', 'HTTP', 'HTTPS'] required: - port type: object @@ -505,10 +464,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == - "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -537,7 +497,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -551,7 +511,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' required: - template @@ -575,12 +535,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -597,6 +551,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -681,16 +637,12 @@ spec: - tcpSocket - required: - exec - - required: - - grpc - required: - httpGet - required: - tcpSocket - required: - exec - - required: - - grpc properties: exec: description: Health is determined by how the command that is executed @@ -711,21 +663,6 @@ spec: format: int32 minimum: 0 type: integer - grpc: - description: GRPC call is made and response/error is used to determine - health. - properties: - port: - description: Port on which the endpoint lives. - maximum: 4294967295 - minimum: 0 - type: integer - x-kubernetes-validations: - - message: port must be between 1-65535 - rule: 0 < self && self <= 65535 - service: - type: string - type: object httpGet: description: '`httpGet` is performed to a given endpoint and the status/able to connect determines health.' @@ -760,7 +697,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ["", "HTTP", "HTTPS"] + rule: self in ['', 'HTTP', 'HTTPS'] required: - port type: object @@ -813,10 +750,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == - "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -845,7 +783,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -859,7 +797,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' required: - template @@ -883,12 +821,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -905,6 +837,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index a2a30607a..78626b575 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 creationTimestamp: null name: istiocnis.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 8be8aa845..d75684d3b 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 creationTimestamp: null name: istiorevisions.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_istiorevisiontags.yaml b/bundle/manifests/sailoperator.io_istiorevisiontags.yaml index 554ccea34..f0269e61c 100644 --- a/bundle/manifests/sailoperator.io_istiorevisiontags.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisiontags.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 creationTimestamp: null name: istiorevisiontags.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index b5e0d2e07..2b6fa32c1 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 creationTimestamp: null name: istios.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 1e2a9b774..b3c207ae8 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 creationTimestamp: null name: ztunnels.sailoperator.io spec: diff --git a/bundle/manifests/security.istio.io_authorizationpolicies.yaml b/bundle/manifests/security.istio.io_authorizationpolicies.yaml index 742c5a02c..bebc1b2c6 100644 --- a/bundle/manifests/security.istio.io_authorizationpolicies.yaml +++ b/bundle/manifests/security.istio.io_authorizationpolicies.yaml @@ -117,13 +117,6 @@ spec: items: type: string type: array - notServiceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array principals: description: Optional. items: @@ -139,22 +132,8 @@ spec: items: type: string type: array - serviceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array type: object - x-kubernetes-validations: - - message: Cannot set serviceAccounts with namespaces - or principals - rule: |- - (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && - !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object - maxItems: 512 type: array to: description: Optional. @@ -228,7 +207,6 @@ spec: type: object type: array type: object - maxItems: 512 type: array selector: description: Optional. @@ -239,14 +217,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -281,9 +259,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -317,16 +294,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -346,12 +321,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -368,6 +337,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -499,13 +470,6 @@ spec: items: type: string type: array - notServiceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array principals: description: Optional. items: @@ -521,22 +485,8 @@ spec: items: type: string type: array - serviceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array type: object - x-kubernetes-validations: - - message: Cannot set serviceAccounts with namespaces - or principals - rule: |- - (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && - !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object - maxItems: 512 type: array to: description: Optional. @@ -610,7 +560,6 @@ spec: type: object type: array type: object - maxItems: 512 type: array selector: description: Optional. @@ -621,14 +570,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -663,9 +612,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -699,16 +647,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -728,12 +674,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -750,6 +690,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/security.istio.io_peerauthentications.yaml b/bundle/manifests/security.istio.io_peerauthentications.yaml index 8bcfa2a7c..0d9ad5524 100644 --- a/bundle/manifests/security.istio.io_peerauthentications.yaml +++ b/bundle/manifests/security.istio.io_peerauthentications.yaml @@ -92,23 +92,22 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: |- - has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || - !has(self.portLevelMtls) + rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() + > 0) || !has(self.portLevelMtls) status: properties: conditions: @@ -128,12 +127,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -150,6 +143,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -256,23 +251,22 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: |- - has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || - !has(self.portLevelMtls) + rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() + > 0) || !has(self.portLevelMtls) status: properties: conditions: @@ -292,12 +286,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -314,6 +302,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/security.istio.io_requestauthentications.yaml b/bundle/manifests/security.istio.io_requestauthentications.yaml index 74fda7a7f..2d1b0ba00 100644 --- a/bundle/manifests/security.istio.io_requestauthentications.yaml +++ b/bundle/manifests/security.istio.io_requestauthentications.yaml @@ -93,7 +93,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -102,7 +102,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -139,8 +139,7 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : - 0) + (has(self.jwks) ? 1 : 0) <= 1' + rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 maxItems: 4096 type: array selector: @@ -152,14 +151,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -194,9 +193,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -230,16 +228,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -259,12 +255,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -281,6 +271,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -388,7 +380,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -397,7 +389,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -434,8 +426,7 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : - 0) + (has(self.jwks) ? 1 : 0) <= 1' + rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 maxItems: 4096 type: array selector: @@ -447,14 +438,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -489,9 +480,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -525,16 +515,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -554,12 +542,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -576,6 +558,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml index 1f495fc68..e87976280 100644 --- a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml +++ b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:3.0-latest - createdAt: "2025-02-18T15:15:29Z" + createdAt: "2025-02-26T09:09:40Z" description: The OpenShift Service Mesh Operator enables you to install, configure, and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service Mesh is based on the open source Istio project. diff --git a/bundle/manifests/telemetry.istio.io_telemetries.yaml b/bundle/manifests/telemetry.istio.io_telemetries.yaml index f14ec2442..ec3cf100a 100644 --- a/bundle/manifests/telemetry.istio.io_telemetries.yaml +++ b/bundle/manifests/telemetry.istio.io_telemetries.yaml @@ -165,11 +165,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : "") - == "UPSERT") ? (self.value != "") : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''UPSERT'') ? self.value != '''' : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : "") - == "REMOVE") ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''REMOVE'') ? !has(self.value) : true' description: Optional. type: object type: object @@ -203,14 +203,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -245,9 +245,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -281,9 +280,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array tracing: @@ -356,11 +354,6 @@ spec: description: Controls span reporting. nullable: true type: boolean - enableIstioTags: - description: Determines whether or not trace spans generated - by Envoy will include Istio specific tags. - nullable: true - type: boolean match: description: Allows tailoring of behavior to specific conditions. properties: @@ -403,8 +396,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -424,12 +416,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -446,6 +432,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -625,11 +613,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : "") - == "UPSERT") ? (self.value != "") : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''UPSERT'') ? self.value != '''' : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : "") - == "REMOVE") ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''REMOVE'') ? !has(self.value) : true' description: Optional. type: object type: object @@ -663,14 +651,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -705,9 +693,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -741,9 +728,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array tracing: @@ -816,11 +802,6 @@ spec: description: Controls span reporting. nullable: true type: boolean - enableIstioTags: - description: Determines whether or not trace spans generated - by Envoy will include Istio specific tags. - nullable: true - type: boolean match: description: Allows tailoring of behavior to specific conditions. properties: @@ -863,8 +844,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -884,12 +864,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -906,6 +880,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/extensions.istio.io_wasmplugins.yaml b/chart/crds/extensions.istio.io_wasmplugins.yaml index 02af2f68c..1acec4b67 100644 --- a/chart/crds/extensions.istio.io_wasmplugins.yaml +++ b/chart/crds/extensions.istio.io_wasmplugins.yaml @@ -133,14 +133,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -180,9 +180,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -216,9 +215,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: @@ -237,9 +235,10 @@ spec: type: string x-kubernetes-validations: - message: url must have schema one of [http, https, file, oci] - rule: |- - isURL(self) ? (url(self).getScheme() in ["", "http", "https", "oci", "file"]) : (isURL("http://" + self) && - url("http://" + self).getScheme() in ["", "http", "https", "oci", "file"]) + rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', + ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && + url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', + ''oci'', ''file''])' verificationKey: type: string vmConfig: @@ -273,7 +272,7 @@ spec: type: object x-kubernetes-validations: - message: value may only be set when valueFrom is INLINE - rule: '(has(self.valueFrom) ? self.valueFrom : "") != "HOST" + rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST'' || !has(self.value)' maxItems: 256 type: array @@ -286,8 +285,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -307,12 +305,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -329,6 +321,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_destinationrules.yaml b/chart/crds/networking.istio.io_destinationrules.yaml index 6b12a12c1..fbe93c67a 100644 --- a/chart/crds/networking.istio.io_destinationrules.yaml +++ b/chart/crds/networking.istio.io_destinationrules.yaml @@ -1843,14 +1843,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -1876,12 +1876,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1898,6 +1892,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -3757,14 +3753,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -3790,12 +3786,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -3812,6 +3802,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -5671,14 +5663,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -5704,12 +5696,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -5726,6 +5712,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_envoyfilters.yaml b/chart/crds/networking.istio.io_envoyfilters.yaml index 769bb9e23..de6ffe144 100644 --- a/chart/crds/networking.istio.io_envoyfilters.yaml +++ b/chart/crds/networking.istio.io_envoyfilters.yaml @@ -301,9 +301,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array workloadSelector: @@ -316,7 +315,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -325,8 +324,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or workloadSelector can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.targetRefs) - ? 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -346,12 +344,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -368,6 +360,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_gateways.yaml b/chart/crds/networking.istio.io_gateways.yaml index ece08a057..0d29b562f 100644 --- a/chart/crds/networking.istio.io_gateways.yaml +++ b/chart/crds/networking.istio.io_gateways.yaml @@ -195,12 +195,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -217,6 +211,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -428,12 +424,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -450,6 +440,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -661,12 +653,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -683,6 +669,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_proxyconfigs.yaml b/chart/crds/networking.istio.io_proxyconfigs.yaml index ff7c7d9cc..7432a7498 100644 --- a/chart/crds/networking.istio.io_proxyconfigs.yaml +++ b/chart/crds/networking.istio.io_proxyconfigs.yaml @@ -57,14 +57,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -88,12 +88,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -110,6 +104,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_serviceentries.yaml b/chart/crds/networking.istio.io_serviceentries.yaml index 9eeeb95eb..a87b1c236 100644 --- a/chart/crds/networking.istio.io_serviceentries.yaml +++ b/chart/crds/networking.istio.io_serviceentries.yaml @@ -71,11 +71,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) - == "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : - true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -104,7 +104,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -120,7 +120,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -135,7 +135,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != "*" + rule: self != '*' maxItems: 256 minItems: 1 type: array @@ -215,7 +215,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -226,20 +226,18 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? - 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: |- - !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && - self.resolution != "STATIC" && self.resolution != "NONE") + rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) + && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution + != ''NONE''))' - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: |- - (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || - size(self.endpoints) == 1) : true + rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') + ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' status: properties: conditions: @@ -259,12 +257,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -281,6 +273,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -370,11 +364,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) - == "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : - true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -403,7 +397,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -419,7 +413,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -434,7 +428,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != "*" + rule: self != '*' maxItems: 256 minItems: 1 type: array @@ -514,7 +508,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -525,20 +519,18 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? - 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: |- - !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && - self.resolution != "STATIC" && self.resolution != "NONE") + rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) + && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution + != ''NONE''))' - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: |- - (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || - size(self.endpoints) == 1) : true + rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') + ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' status: properties: conditions: @@ -558,12 +550,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -580,6 +566,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -669,11 +657,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) - == "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : - true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -702,7 +690,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -718,7 +706,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -733,7 +721,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != "*" + rule: self != '*' maxItems: 256 minItems: 1 type: array @@ -813,7 +801,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -824,20 +812,18 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? - 1 : 0) <= 1' + rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: |- - !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && - self.resolution != "STATIC" && self.resolution != "NONE") + rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) + && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution + != ''NONE''))' - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: |- - (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || - size(self.endpoints) == 1) : true + rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') + ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' status: properties: conditions: @@ -857,12 +843,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -879,6 +859,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_sidecars.yaml b/chart/crds/networking.istio.io_sidecars.yaml index acda4e66c..560e8fbb1 100644 --- a/chart/crds/networking.istio.io_sidecars.yaml +++ b/chart/crds/networking.istio.io_sidecars.yaml @@ -476,7 +476,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -502,12 +502,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -524,6 +518,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -1018,7 +1014,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1044,12 +1040,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1066,6 +1056,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -1560,7 +1552,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1586,12 +1578,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1608,6 +1594,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_virtualservices.yaml b/chart/crds/networking.istio.io_virtualservices.yaml index 39e31750c..8a49cfad3 100644 --- a/chart/crds/networking.istio.io_virtualservices.yaml +++ b/chart/crds/networking.istio.io_virtualservices.yaml @@ -1002,12 +1002,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -1024,6 +1018,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -2042,12 +2038,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -2064,6 +2054,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -3082,12 +3074,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -3104,6 +3090,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_workloadentries.yaml b/chart/crds/networking.istio.io_workloadentries.yaml index ac933d4c8..cf682cd2d 100644 --- a/chart/crds/networking.istio.io_workloadentries.yaml +++ b/chart/crds/networking.istio.io_workloadentries.yaml @@ -51,10 +51,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" - || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' labels: additionalProperties: type: string @@ -83,7 +83,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -99,8 +99,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) - : true' + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' status: properties: conditions: @@ -120,12 +120,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -142,6 +136,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -211,10 +207,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" - || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' labels: additionalProperties: type: string @@ -243,7 +239,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -259,8 +255,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) - : true' + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' status: properties: conditions: @@ -280,12 +276,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -302,6 +292,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -371,10 +363,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" - || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' labels: additionalProperties: type: string @@ -403,7 +395,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -419,8 +411,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) - : true' + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' status: properties: conditions: @@ -440,12 +432,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -462,6 +448,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/networking.istio.io_workloadgroups.yaml b/chart/crds/networking.istio.io_workloadgroups.yaml index 5796474b2..9f06ab833 100644 --- a/chart/crds/networking.istio.io_workloadgroups.yaml +++ b/chart/crds/networking.istio.io_workloadgroups.yaml @@ -64,16 +64,12 @@ spec: - tcpSocket - required: - exec - - required: - - grpc - required: - httpGet - required: - tcpSocket - required: - exec - - required: - - grpc properties: exec: description: Health is determined by how the command that is executed @@ -94,21 +90,6 @@ spec: format: int32 minimum: 0 type: integer - grpc: - description: GRPC call is made and response/error is used to determine - health. - properties: - port: - description: Port on which the endpoint lives. - maximum: 4294967295 - minimum: 0 - type: integer - x-kubernetes-validations: - - message: port must be between 1-65535 - rule: 0 < self && self <= 65535 - service: - type: string - type: object httpGet: description: '`httpGet` is performed to a given endpoint and the status/able to connect determines health.' @@ -143,7 +124,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ["", "HTTP", "HTTPS"] + rule: self in ['', 'HTTP', 'HTTPS'] required: - port type: object @@ -196,10 +177,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == - "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -228,7 +210,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -242,7 +224,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' required: - template @@ -266,12 +248,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -288,6 +264,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -372,16 +350,12 @@ spec: - tcpSocket - required: - exec - - required: - - grpc - required: - httpGet - required: - tcpSocket - required: - exec - - required: - - grpc properties: exec: description: Health is determined by how the command that is executed @@ -402,21 +376,6 @@ spec: format: int32 minimum: 0 type: integer - grpc: - description: GRPC call is made and response/error is used to determine - health. - properties: - port: - description: Port on which the endpoint lives. - maximum: 4294967295 - minimum: 0 - type: integer - x-kubernetes-validations: - - message: port must be between 1-65535 - rule: 0 < self && self <= 65535 - service: - type: string - type: object httpGet: description: '`httpGet` is performed to a given endpoint and the status/able to connect determines health.' @@ -451,7 +410,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ["", "HTTP", "HTTPS"] + rule: self in ['', 'HTTP', 'HTTPS'] required: - port type: object @@ -504,10 +463,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == - "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -536,7 +496,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -550,7 +510,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' required: - template @@ -574,12 +534,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -596,6 +550,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -680,16 +636,12 @@ spec: - tcpSocket - required: - exec - - required: - - grpc - required: - httpGet - required: - tcpSocket - required: - exec - - required: - - grpc properties: exec: description: Health is determined by how the command that is executed @@ -710,21 +662,6 @@ spec: format: int32 minimum: 0 type: integer - grpc: - description: GRPC call is made and response/error is used to determine - health. - properties: - port: - description: Port on which the endpoint lives. - maximum: 4294967295 - minimum: 0 - type: integer - x-kubernetes-validations: - - message: port must be between 1-65535 - rule: 0 < self && self <= 65535 - service: - type: string - type: object httpGet: description: '`httpGet` is performed to a given endpoint and the status/able to connect determines health.' @@ -759,7 +696,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ["", "HTTP", "HTTPS"] + rule: self in ['', 'HTTP', 'HTTPS'] required: - port type: object @@ -812,10 +749,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == - "/" || self.substring(7, 8) == "@") : true' + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' - message: UDS may not be a dir - rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' labels: additionalProperties: type: string @@ -844,7 +782,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -858,7 +796,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith("unix://")) + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? !has(self.ports) : true' required: - template @@ -882,12 +820,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -904,6 +836,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 5bfd85ec9..fc092577b 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 name: istiocnis.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 7debd937d..d6e58b2e1 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 name: istiorevisions.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_istiorevisiontags.yaml b/chart/crds/sailoperator.io_istiorevisiontags.yaml index b8bce0d83..0ad41dd81 100644 --- a/chart/crds/sailoperator.io_istiorevisiontags.yaml +++ b/chart/crds/sailoperator.io_istiorevisiontags.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 name: istiorevisiontags.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 90a74d591..c5dd11664 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 name: istios.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 3d7049e18..ffdf17a18 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.17.1 + controller-gen.kubebuilder.io/version: v0.17.2 name: ztunnels.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/security.istio.io_authorizationpolicies.yaml b/chart/crds/security.istio.io_authorizationpolicies.yaml index 1f474c458..0f72f71e1 100644 --- a/chart/crds/security.istio.io_authorizationpolicies.yaml +++ b/chart/crds/security.istio.io_authorizationpolicies.yaml @@ -116,13 +116,6 @@ spec: items: type: string type: array - notServiceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array principals: description: Optional. items: @@ -138,22 +131,8 @@ spec: items: type: string type: array - serviceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array type: object - x-kubernetes-validations: - - message: Cannot set serviceAccounts with namespaces - or principals - rule: |- - (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && - !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object - maxItems: 512 type: array to: description: Optional. @@ -227,7 +206,6 @@ spec: type: object type: array type: object - maxItems: 512 type: array selector: description: Optional. @@ -238,14 +216,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -280,9 +258,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -316,16 +293,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -345,12 +320,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -367,6 +336,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -498,13 +469,6 @@ spec: items: type: string type: array - notServiceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array principals: description: Optional. items: @@ -520,22 +484,8 @@ spec: items: type: string type: array - serviceAccounts: - description: Optional. - items: - maxLength: 320 - type: string - maxItems: 16 - type: array type: object - x-kubernetes-validations: - - message: Cannot set serviceAccounts with namespaces - or principals - rule: |- - (has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) && - !has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true type: object - maxItems: 512 type: array to: description: Optional. @@ -609,7 +559,6 @@ spec: type: object type: array type: object - maxItems: 512 type: array selector: description: Optional. @@ -620,14 +569,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -662,9 +611,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -698,16 +646,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -727,12 +673,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -749,6 +689,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/security.istio.io_peerauthentications.yaml b/chart/crds/security.istio.io_peerauthentications.yaml index e2692039b..3d6895db5 100644 --- a/chart/crds/security.istio.io_peerauthentications.yaml +++ b/chart/crds/security.istio.io_peerauthentications.yaml @@ -91,23 +91,22 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: |- - has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || - !has(self.portLevelMtls) + rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() + > 0) || !has(self.portLevelMtls) status: properties: conditions: @@ -127,12 +126,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -149,6 +142,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -255,23 +250,22 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: |- - has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || - !has(self.portLevelMtls) + rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() + > 0) || !has(self.portLevelMtls) status: properties: conditions: @@ -291,12 +285,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -313,6 +301,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/security.istio.io_requestauthentications.yaml b/chart/crds/security.istio.io_requestauthentications.yaml index d060a1127..53fe59d32 100644 --- a/chart/crds/security.istio.io_requestauthentications.yaml +++ b/chart/crds/security.istio.io_requestauthentications.yaml @@ -92,7 +92,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -101,7 +101,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -138,8 +138,7 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : - 0) + (has(self.jwks) ? 1 : 0) <= 1' + rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 maxItems: 4096 type: array selector: @@ -151,14 +150,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -193,9 +192,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -229,16 +227,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -258,12 +254,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -280,6 +270,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -387,7 +379,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -396,7 +388,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ["http", "https"] + rule: url(self).getScheme() in ['http', 'https'] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -433,8 +425,7 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : - 0) + (has(self.jwks) ? 1 : 0) <= 1' + rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 maxItems: 4096 type: array selector: @@ -446,14 +437,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -488,9 +479,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -524,16 +514,14 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -553,12 +541,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -575,6 +557,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/crds/telemetry.istio.io_telemetries.yaml b/chart/crds/telemetry.istio.io_telemetries.yaml index 117a06d9a..c858b2995 100644 --- a/chart/crds/telemetry.istio.io_telemetries.yaml +++ b/chart/crds/telemetry.istio.io_telemetries.yaml @@ -164,11 +164,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : "") - == "UPSERT") ? (self.value != "") : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''UPSERT'') ? self.value != '''' : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : "") - == "REMOVE") ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''REMOVE'') ? !has(self.value) : true' description: Optional. type: object type: object @@ -202,14 +202,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -244,9 +244,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -280,9 +279,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array tracing: @@ -355,11 +353,6 @@ spec: description: Controls span reporting. nullable: true type: boolean - enableIstioTags: - description: Determines whether or not trace spans generated - by Envoy will include Istio specific tags. - nullable: true - type: boolean match: description: Allows tailoring of behavior to specific conditions. properties: @@ -402,8 +395,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -423,12 +415,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -445,6 +431,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. @@ -624,11 +612,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : "") - == "UPSERT") ? (self.value != "") : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''UPSERT'') ? self.value != '''' : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : "") - == "REMOVE") ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : '''') + == ''REMOVE'') ? !has(self.value) : true' description: Optional. type: object type: object @@ -662,14 +650,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains("*")' + rule: '!self.contains(''*'')' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains("*")) + rule: self.all(key, !key.contains('*')) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -704,9 +692,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' targetRefs: description: Optional. items: @@ -740,9 +727,8 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], - ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", - "ServiceEntry"]]' + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' maxItems: 16 type: array tracing: @@ -815,11 +801,6 @@ spec: description: Controls span reporting. nullable: true type: boolean - enableIstioTags: - description: Determines whether or not trace spans generated - by Envoy will include Istio specific tags. - nullable: true - type: boolean match: description: Allows tailoring of behavior to specific conditions. properties: @@ -862,8 +843,7 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) - + (has(self.targetRefs) ? 1 : 0) <= 1' + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 status: properties: conditions: @@ -883,12 +863,6 @@ spec: description: Human-readable message indicating details about last transition. type: string - observedGeneration: - anyOf: - - type: integer - - type: string - description: Resource Generation to which the Condition refers. - x-kubernetes-int-or-string: true reason: description: Unique, one-word, CamelCase reason for the condition's last transition. @@ -905,6 +879,8 @@ spec: anyOf: - type: integer - type: string + description: Resource Generation to which the Reconciled Condition + refers. x-kubernetes-int-or-string: true validationMessages: description: Includes any errors or warnings detected by Istio's analyzers. diff --git a/chart/values.yaml b/chart/values.yaml index c6d1dcedf..401eb17be 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -19,9 +19,11 @@ csv: This version of the operator supports the following Istio versions: - v1.24-latest + - v1.24.3 - v1.24.2 - v1.24.1 - v1.23-latest + - v1.23.5 - v1.23.4 - v1.23.3 - v1.23.0 diff --git a/go.mod b/go.mod index de96a9aae..17b5b6a1c 100644 --- a/go.mod +++ b/go.mod @@ -25,8 +25,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.3 - istio.io/client-go v1.24.2 - istio.io/istio v0.0.0-20250123082358-a7bb627c07d0 + istio.io/client-go v1.24.3 + istio.io/istio v0.0.0-20250130153555-44d0e58e49d0 k8s.io/api v0.32.0 k8s.io/apiextensions-apiserver v0.32.0 k8s.io/apimachinery v0.32.0 diff --git a/go.sum b/go.sum index 9a286c888..2b1943880 100644 --- a/go.sum +++ b/go.sum @@ -163,8 +163,8 @@ github.com/goccy/go-yaml v1.12.0/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHv github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= -github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -411,8 +411,8 @@ go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5W go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= -go.opentelemetry.io/otel/sdk/metric v1.33.0 h1:Gs5VK9/WUJhNXZgn8MR6ITatvAmKeIuCtNbsP3JkNqU= -go.opentelemetry.io/otel/sdk/metric v1.33.0/go.mod h1:dL5ykHZmm1B1nVRk9dDjChwDmt81MjVp3gLkQRwKf/Q= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= @@ -518,10 +518,10 @@ helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= istio.io/api v1.24.3-0.20250110021705-fef7700e8ddf h1:T/0/73F7PxdDo4JaX6b7jfxn2/1LCQ5TKWc1tJBEQkQ= istio.io/api v1.24.3-0.20250110021705-fef7700e8ddf/go.mod h1:MQnRok7RZ20/PE56v0LxmoWH0xVxnCQPNuf9O7PAN1I= -istio.io/client-go v1.24.2 h1:JTTfBV6dv+AAW+AfccyrdX4T1f9CpsXd1Yzo1s/IYAI= -istio.io/client-go v1.24.2/go.mod h1:dgZ9EmJzh1EECzf6nQhwNL4R6RvlyeH/RXeNeNp/MRg= -istio.io/istio v0.0.0-20250123082358-a7bb627c07d0 h1:mUh9sxf2kKB4Ep3hss1TfLcn/mog4apf5gnqj/uadxM= -istio.io/istio v0.0.0-20250123082358-a7bb627c07d0/go.mod h1:gwxuNcyDdTWkypGK2J6ENSeGrNfIzWBsxGLsm5MHpRA= +istio.io/client-go v1.24.3 h1:TB8IcM3yyMCDzKRJo0YfFOUGNQmkhwH/JE/Yr3lzVAk= +istio.io/client-go v1.24.3/go.mod h1:zSyw/c4luKQKosFIHQaWAQOA0c3bODu4SahQCAMlKA4= +istio.io/istio v0.0.0-20250130153555-44d0e58e49d0 h1:s4VIhadWtBFH5C737CaVg5JK0kdM5s5C0R3aVgJao2s= +istio.io/istio v0.0.0-20250130153555-44d0e58e49d0/go.mod h1:cl91HRVtliYL+JUXarnIyfnRg41zJjAvfR7aOqHpYto= k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 2d09443b4..729d74129 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -11,60 +11,81 @@ # go.mod affect the generated API schema for the Sail CRDs (e.g. IstioRevision), # as well as all the Istio CRDs (e.g. VirtualService). versions: -- name: v1.24-latest - ref: v1.24.2 -- name: v1.24.2 - version: 1.24.2 - repo: https://github.com/istio/istio - commit: 1.24.2 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.24.2.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.24.2.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.24.2.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.24.2.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.24.2.tgz -- name: v1.24.1 - version: 1.24.1 - repo: https://github.com/istio/istio - commit: 1.24.1 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.24.1.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.24.1.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.24.1.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.24.1.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.24.1.tgz -- name: v1.23-latest - ref: v1.23.4 -- name: v1.23.4 - version: 1.23.4 - repo: https://github.com/istio/istio - commit: 1.23.4 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.23.4.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.23.4.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-remote-1.23.4.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.23.4.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.23.4.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.23.4.tgz -- name: v1.23.3 - version: 1.23.3 - repo: https://github.com/istio/istio - commit: 1.23.3 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.23.3.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.23.3.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-remote-1.23.3.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.23.3.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.23.3.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.23.3.tgz -- name: v1.23.0 - version: 1.23.0 - repo: https://github.com/istio/istio - commit: 1.23.0 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.23.0.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.23.0.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-remote-1.23.0.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.23.0.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.23.0.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.23.0.tgz \ No newline at end of file + - name: v1.24-latest + ref: v1.24.3 + - name: v1.24.3 + version: 1.24.3 + repo: https://github.com/istio/istio + commit: 1.24.3 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.24.3.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.24.3.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.24.3.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.24.3.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.24.3.tgz + - name: v1.24.2 + version: 1.24.2 + repo: https://github.com/istio/istio + commit: 1.24.2 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.24.2.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.24.2.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.24.2.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.24.2.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.24.2.tgz + - name: v1.24.1 + version: 1.24.1 + repo: https://github.com/istio/istio + commit: 1.24.1 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.24.1.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.24.1.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.24.1.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.24.1.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.24.1.tgz + - name: v1.23-latest + ref: v1.23.5 + - name: v1.23.5 + version: 1.23.5 + repo: https://github.com/istio/istio + commit: 1.23.5 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.23.5.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.23.5.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-remote-1.23.5.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.23.5.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.23.5.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.23.5.tgz + - name: v1.23.4 + version: 1.23.4 + repo: https://github.com/istio/istio + commit: 1.23.4 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.23.4.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.23.4.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-remote-1.23.4.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.23.4.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.23.4.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.23.4.tgz + - name: v1.23.3 + version: 1.23.3 + repo: https://github.com/istio/istio + commit: 1.23.3 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.23.3.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.23.3.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-remote-1.23.3.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.23.3.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.23.3.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.23.3.tgz + - name: v1.23.0 + version: 1.23.0 + repo: https://github.com/istio/istio + commit: 1.23.0 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.23.0.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.23.0.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-remote-1.23.0.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.23.0.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.23.0.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.23.0.tgz diff --git a/tests/e2e/ambient/ambient_test.go b/tests/e2e/ambient/ambient_test.go index dc38540af..cb141bf04 100644 --- a/tests/e2e/ambient/ambient_test.go +++ b/tests/e2e/ambient/ambient_test.go @@ -36,9 +36,7 @@ import ( ) const ( - sleepNamespace = "sleep" - httpbinNamespace = "httpbin" - defaultTimeout = 180 + defaultTimeout = 180 ) var _ = Describe("Ambient configuration ", Ordered, func() { @@ -245,44 +243,44 @@ spec: // using a sleep pod from the sleep namespace, we try to connect to the httpbin service to verify that connectivity is successful. When("sample apps are deployed in the cluster", func() { BeforeAll(func(ctx SpecContext) { - Expect(k.CreateNamespace(sleepNamespace)).To(Succeed(), "Failed to create sleep namespace") - Expect(k.CreateNamespace(httpbinNamespace)).To(Succeed(), "Failed to create httpbin namespace") + Expect(k.CreateNamespace(common.SleepNamespace)).To(Succeed(), "Failed to create sleep namespace") + Expect(k.CreateNamespace(common.HttpbinNamespace)).To(Succeed(), "Failed to create httpbin namespace") // Add the necessary ambient labels on the namespaces. - Expect(k.Patch("namespace", sleepNamespace, "merge", `{"metadata":{"labels":{"istio.io/dataplane-mode":"ambient"}}}`)). + Expect(k.Patch("namespace", common.SleepNamespace, "merge", `{"metadata":{"labels":{"istio.io/dataplane-mode":"ambient"}}}`)). To(Succeed(), "Error patching sleep namespace") - Expect(k.Patch("namespace", httpbinNamespace, "merge", `{"metadata":{"labels":{"istio.io/dataplane-mode":"ambient"}}}`)). + Expect(k.Patch("namespace", common.HttpbinNamespace, "merge", `{"metadata":{"labels":{"istio.io/dataplane-mode":"ambient"}}}`)). To(Succeed(), "Error patching httpbin namespace") // Deploy the test pods. - Expect(k.WithNamespace(sleepNamespace).Apply(common.GetSampleYAML(version, "sleep"))).To(Succeed(), "error deploying sleep pod") - Expect(k.WithNamespace(httpbinNamespace).Apply(common.GetSampleYAML(version, "httpbin"))).To(Succeed(), "error deploying httpbin pod") + Expect(k.WithNamespace(common.SleepNamespace).Apply(common.GetSampleYAML(version, "sleep"))).To(Succeed(), "error deploying sleep pod") + Expect(k.WithNamespace(common.HttpbinNamespace).Apply(common.GetSampleYAML(version, "httpbin"))).To(Succeed(), "error deploying httpbin pod") Success("Ambient validation pods deployed") }) sleepPod := &corev1.PodList{} It("updates the status of pods to Running", func(ctx SpecContext) { - sleepPod, err = common.CheckPodsReady(ctx, cl, sleepNamespace) + sleepPod, err = common.CheckPodsReady(ctx, cl, common.SleepNamespace) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("Error checking status of sleep pod: %v", err)) - _, err = common.CheckPodsReady(ctx, cl, httpbinNamespace) + _, err = common.CheckPodsReady(ctx, cl, common.HttpbinNamespace) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("Error checking status of httpbin pod: %v", err)) Success("Pods are ready") }) It("has the ztunnel proxy sockets configured in the pod network namespace", func(ctx SpecContext) { - checkZtunnelPort(sleepPod.Items[0].Name, sleepNamespace) + checkZtunnelPort(sleepPod.Items[0].Name, common.SleepNamespace) }) It("can access the httpbin service from the sleep pod", func(ctx SpecContext) { - checkPodConnectivity(sleepPod.Items[0].Name, sleepNamespace, httpbinNamespace) + checkPodConnectivity(sleepPod.Items[0].Name, common.SleepNamespace, common.HttpbinNamespace) }) AfterAll(func(ctx SpecContext) { By("Deleting the pods") - Expect(k.DeleteNamespace(httpbinNamespace, sleepNamespace)). + Expect(k.DeleteNamespace(common.HttpbinNamespace, common.SleepNamespace)). To(Succeed(), "Failed to delete namespaces") Success("Ambient validation pods deleted") }) @@ -336,7 +334,7 @@ spec: AfterAll(func(ctx SpecContext) { if CurrentSpecReport().Failed() { - common.LogDebugInfo(k) + common.LogDebugInfo(common.Ambient, k) debugInfoLogged = true } @@ -353,7 +351,7 @@ spec: AfterAll(func() { if CurrentSpecReport().Failed() && !debugInfoLogged { - common.LogDebugInfo(k) + common.LogDebugInfo(common.Ambient, k) debugInfoLogged = true } diff --git a/tests/e2e/controlplane/control_plane_suite_test.go b/tests/e2e/controlplane/control_plane_suite_test.go index b0dee02aa..10317f758 100644 --- a/tests/e2e/controlplane/control_plane_suite_test.go +++ b/tests/e2e/controlplane/control_plane_suite_test.go @@ -20,11 +20,16 @@ import ( "testing" "github.com/istio-ecosystem/sail-operator/pkg/env" + "github.com/istio-ecosystem/sail-operator/pkg/kube" + . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" k8sclient "github.com/istio-ecosystem/sail-operator/tests/e2e/util/client" "github.com/istio-ecosystem/sail-operator/tests/e2e/util/common" + . "github.com/istio-ecosystem/sail-operator/tests/e2e/util/gomega" "github.com/istio-ecosystem/sail-operator/tests/e2e/util/kubectl" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -64,3 +69,33 @@ func setup() { k = kubectl.New() } + +var _ = BeforeSuite(func(ctx SpecContext) { + Expect(k.CreateNamespace(namespace)).To(Succeed(), "Namespace failed to be created") + + if skipDeploy { + Success("Skipping operator installation because it was deployed externally") + } else { + Expect(common.InstallOperatorViaHelm()). + To(Succeed(), "Operator failed to be deployed") + } + + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(deploymentName, namespace), &appsv1.Deployment{}). + Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Error getting Istio CRD") + Success("Operator is deployed in the namespace and Running") +}) + +var _ = AfterSuite(func(ctx SpecContext) { + if skipDeploy { + Success("Skipping operator undeploy because it was deployed externally") + return + } + + By("Deleting operator deployment") + Expect(common.UninstallOperator()). + To(Succeed(), "Operator failed to be deleted") + GinkgoWriter.Println("Operator uninstalled") + + Expect(k.DeleteNamespace(namespace)).To(Succeed(), "Namespace failed to be deleted") + Success("Namespace deleted") +}) diff --git a/tests/e2e/controlplane/control_plane_test.go b/tests/e2e/controlplane/control_plane_test.go index 0bfd69e45..4c2378fb6 100644 --- a/tests/e2e/controlplane/control_plane_test.go +++ b/tests/e2e/controlplane/control_plane_test.go @@ -39,26 +39,11 @@ import ( "istio.io/istio/pkg/ptr" ) -var _ = Describe("Control Plane Installation", Ordered, func() { +var _ = Describe("Control Plane Installation", Label("slow"), Ordered, func() { SetDefaultEventuallyTimeout(180 * time.Second) SetDefaultEventuallyPollingInterval(time.Second) debugInfoLogged := false - BeforeAll(func(ctx SpecContext) { - Expect(k.CreateNamespace(namespace)).To(Succeed(), "Namespace failed to be created") - - if skipDeploy { - Success("Skipping operator installation because it was deployed externally") - } else { - Expect(common.InstallOperatorViaHelm()). - To(Succeed(), "Operator failed to be deployed") - } - - Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(deploymentName, namespace), &appsv1.Deployment{}). - Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Error getting Istio CRD") - Success("Operator is deployed in the namespace and Running") - }) - Describe("defaulting", func() { DescribeTable("IstioCNI", Entry("no spec", ""), @@ -128,8 +113,8 @@ metadata: spec: version: %s namespace: %s` - yaml = fmt.Sprintf(yaml, name, istioCniNamespace) - Log("IstioCNI YAML:", indent(2, yaml)) + yaml = fmt.Sprintf(yaml, version.Name, istioCniNamespace) + Log("IstioCNI YAML:", indent(yaml)) Expect(k.CreateFromString(yaml)).To(Succeed(), "IstioCNI creation failed") Success("IstioCNI created") }) @@ -178,8 +163,8 @@ metadata: spec: version: %s namespace: %s` - istioYAML = fmt.Sprintf(istioYAML, name, controlPlaneNamespace) - Log("Istio YAML:", indent(2, istioYAML)) + istioYAML = fmt.Sprintf(istioYAML, version.Name, controlPlaneNamespace) + Log("Istio YAML:", indent(istioYAML)) Expect(k.CreateFromString(istioYAML)). To(Succeed(), "Istio CR failed to be created") Success("Istio CR created") @@ -299,7 +284,7 @@ spec: AfterAll(func(ctx SpecContext) { if CurrentSpecReport().Failed() { - common.LogDebugInfo(k) + common.LogDebugInfo(common.ControlPlane, k) debugInfoLogged = true } @@ -318,22 +303,9 @@ spec: AfterAll(func() { if CurrentSpecReport().Failed() && !debugInfoLogged { - common.LogDebugInfo(k) + common.LogDebugInfo(common.ControlPlane, k) debugInfoLogged = true } - - if skipDeploy { - Success("Skipping operator undeploy because it was deployed externally") - return - } - - By("Deleting operator deployment") - Expect(common.UninstallOperator()). - To(Succeed(), "Operator failed to be deleted") - GinkgoWriter.Println("Operator uninstalled") - - Expect(k.DeleteNamespace(namespace)).To(Succeed(), "Namespace failed to be deleted") - Success("Namespace deleted") }) }) @@ -349,8 +321,8 @@ func ImageFromRegistry(regexp string) types.GomegaMatcher { return HaveField("Image", MatchRegexp(regexp)) } -func indent(level int, str string) string { - indent := strings.Repeat(" ", level) +func indent(str string) string { + indent := strings.Repeat(" ", 2) return indent + strings.ReplaceAll(str, "\n", "\n"+indent) } diff --git a/tests/e2e/controlplane/control_plane_update_test.go b/tests/e2e/controlplane/control_plane_update_test.go new file mode 100644 index 000000000..6ddc1f61b --- /dev/null +++ b/tests/e2e/controlplane/control_plane_update_test.go @@ -0,0 +1,336 @@ +//go:build e2e + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR Condition OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package controlplane + +import ( + "fmt" + "strings" + "time" + + "github.com/Masterminds/semver/v3" + v1 "github.com/istio-ecosystem/sail-operator/api/v1" + "github.com/istio-ecosystem/sail-operator/pkg/istioversion" + "github.com/istio-ecosystem/sail-operator/pkg/kube" + . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" + "github.com/istio-ecosystem/sail-operator/tests/e2e/util/common" + . "github.com/istio-ecosystem/sail-operator/tests/e2e/util/gomega" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var _ = Describe("Control Plane updates", Label("update"), Ordered, func() { + SetDefaultEventuallyTimeout(180 * time.Second) + SetDefaultEventuallyPollingInterval(time.Second) + debugInfoLogged := false + + Describe("using IstioRevisionTag", func() { + if len(istioversion.List) < 2 { + Skip("Skipping update tests because there are not enough versions in versions.yaml") + } + + // istioversion.Old is the version second version in versions.yaml file and istioversion.New is the first version in the List + // istioversion.Old is going to be the base version from where we are going to update to istioversion.New + // TODO: improve this: https://github.com/istio-ecosystem/sail-operator/issues/681 + baseVersion := istioversion.Old + newVersion := istioversion.New + Context(baseVersion, func() { + BeforeAll(func(ctx SpecContext) { + Expect(k.CreateNamespace(controlPlaneNamespace)).To(Succeed(), "Istio namespace failed to be created") + Expect(k.CreateNamespace(istioCniNamespace)).To(Succeed(), "IstioCNI namespace failed to be created") + + yaml := ` +apiVersion: sailoperator.io/v1 +kind: IstioCNI +metadata: + name: default +spec: + version: %s + namespace: %s` + yaml = fmt.Sprintf(yaml, baseVersion, istioCniNamespace) + Log("IstioCNI YAML:", indent(yaml)) + Expect(k.CreateFromString(yaml)).To(Succeed(), "IstioCNI creation failed") + Success("IstioCNI created") + + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioCniName), &v1.IstioCNI{}). + Should(HaveCondition(v1.IstioCNIConditionReady, metav1.ConditionTrue), "IstioCNI is not Ready; unexpected Condition") + Success("IstioCNI is Ready") + }) + + When(fmt.Sprintf("the Istio CR is created with RevisionBased updateStrategy for base version %s", baseVersion), func() { + BeforeAll(func() { + istioYAML := ` +apiVersion: sailoperator.io/v1 +kind: Istio +metadata: + name: default +spec: + version: %s + namespace: %s + updateStrategy: + type: RevisionBased + inactiveRevisionDeletionGracePeriodSeconds: 30` + istioYAML = fmt.Sprintf(istioYAML, baseVersion, controlPlaneNamespace) + Log("Istio YAML:", indent(istioYAML)) + Expect(k.CreateFromString(istioYAML)). + To(Succeed(), "Istio CR failed to be created") + Success("Istio CR created") + }) + + It("deploys istiod and pod is Ready", func(ctx SpecContext) { + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key("default"), &v1.Istio{}). + Should(HaveCondition(v1.IstioConditionReady, metav1.ConditionTrue), "Istiod is not Available; unexpected Condition") + Success("Istiod is deployed in the namespace and Running") + }) + }) + + When("the IstioRevisionTag resource is created", func() { + BeforeAll(func() { + IstioRevisionTagYAML := ` +apiVersion: sailoperator.io/v1 +kind: IstioRevisionTag +metadata: + name: default +spec: + targetRef: + kind: Istio + name: default` + Log("IstioRevisionTag YAML:", indent(IstioRevisionTagYAML)) + Expect(k.CreateFromString(IstioRevisionTagYAML)). + To(Succeed(), "IstioRevisionTag CR failed to be created") + Success("IstioRevisionTag CR created") + }) + + It("creates the resource with condition InUse false", func(ctx SpecContext) { + // Condition InUse is expected to be false because there are no pods using the IstioRevisionTag + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key("default"), &v1.IstioRevisionTag{}). + Should(HaveCondition(v1.IstioRevisionTagConditionInUse, metav1.ConditionFalse), "unexpected Condition; expected InUse False") + Success("IstioRevisionTag created and not in use") + }) + + It("IstioRevisionTag revision name is equal to the IstioRevision base name", func(ctx SpecContext) { + revisionName := strings.Replace(baseVersion, ".", "-", -1) + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key("default"), &v1.IstioRevisionTag{}). + Should(HaveField("Status.IstioRevision", ContainSubstring(revisionName)), + "IstioRevisionTag version does not match the IstioRevision name of the base version") + Success("IstioRevisionTag version matches the Istio version") + }) + }) + + When("sample pod is deployed", func() { + BeforeAll(func(ctx SpecContext) { + Expect(k.CreateNamespace(sampleNamespace)).To(Succeed(), "Sample namespace failed to be created") + Expect(k.Label("namespace", sampleNamespace, "istio-injection", "enabled")).To(Succeed(), "Error labeling sample namespace") + Expect(k.Patch("namespace", sampleNamespace, "merge", `{"metadata":{"labels":{"istio-injection":"enabled"}}}`)). + To(Succeed(), "Error patching sample namespace") + Expect(k.WithNamespace(sampleNamespace). + ApplyWithLabels(common.GetSampleYAML(istioversion.Map[baseVersion], sampleNamespace), "version=v1")). + To(Succeed(), "Error deploying sample") + Success("sample deployed") + + samplePods := &corev1.PodList{} + + Eventually(func() bool { + Expect(cl.List(ctx, samplePods, client.InNamespace(sampleNamespace))).To(Succeed()) + return len(samplePods.Items) > 0 + }).Should(BeTrue(), "No sample pods found") + + for _, pod := range samplePods.Items { + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(pod.Name, sampleNamespace), &corev1.Pod{}). + Should(HaveCondition(corev1.PodReady, metav1.ConditionTrue), "Pod is not Ready") + } + Success("sample pods are ready") + + for _, pod := range samplePods.Items { + sidecarVersion, err := getProxyVersion(pod.Name, sampleNamespace) + Expect(err).NotTo(HaveOccurred(), "Error getting sidecar version") + Expect(sidecarVersion).To(Equal(istioversion.Map[baseVersion].Version), "Sidecar Istio version does not match the expected version") + } + Success("Istio sidecar version matches the expected base Istio version") + }) + + It("IstioRevisionTag state change to inUse true", func(ctx SpecContext) { + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key("default"), &v1.IstioRevisionTag{}). + Should(HaveCondition(v1.IstioRevisionTagConditionInUse, metav1.ConditionTrue), "unexpected Condition; expected InUse true") + Success("IstioRevisionTag is in use by the sample pods") + }) + }) + + When("the Istio CR is updated to the new Istio version", func() { + BeforeAll(func() { + Expect(k.Patch("istio", "default", "merge", `{"spec":{"version":"`+newVersion+`"}}`)).To(Succeed(), "Error updating Istio CR to new Istio version") + Success("Istio CR updated") + }) + + It("Istio resource has revisions in use equal to two", func(ctx SpecContext) { + Eventually(func() bool { + istioResource := &v1.Istio{} + Expect(cl.Get(ctx, kube.Key("default"), istioResource)).To(Succeed()) + return istioResource.Status.Revisions.InUse == 2 + }).Should(BeTrue(), "Istio resource does not have two revisions in use") + Success("Istio resource has two revisions in use") + }) + + It("two istiod pods are running", func(ctx SpecContext) { + Eventually(func() bool { + istiodPods := &corev1.PodList{} + Expect(cl.List(ctx, istiodPods, client.InNamespace(controlPlaneNamespace), client.MatchingLabels{"app": "istiod"})).To(Succeed()) + for _, pod := range istiodPods.Items { + if pod.Status.Phase != corev1.PodRunning { + return false + } + } + return true + }).Should(BeTrue(), "At least one of the istiod pods is not running") + Success("Istiod pods are Running") + }) + + It("there is one IstionRevision for each version", func(ctx SpecContext) { + istioRevisions := &v1.IstioRevisionList{} + Expect(cl.List(ctx, istioRevisions)).To(Succeed()) + Expect(istioRevisions.Items).To(HaveLen(2), "Unexpected number of IstioRevisionTags; expected 2") + Expect(istioRevisions.Items).To(ContainElement( + HaveField("Spec", HaveField("Version", ContainSubstring(baseVersion)))), + "Expected a revision with the base version") + Expect(istioRevisions.Items).To(ContainElement( + HaveField("Spec", HaveField("Version", ContainSubstring(newVersion)))), + "Expected a revision with the new version") + Success("Two IstionRevision found") + }) + + It("both IstionRevision are in use", func(ctx SpecContext) { + // Check that both IstioRevisionTags are in use. One is in use by the current proxies and the new because is being referenced by the tag + istioRevisions := &v1.IstioRevisionList{} + Expect(cl.List(ctx, istioRevisions)).To(Succeed()) + for _, revision := range istioRevisions.Items { + Expect(revision).To(HaveCondition(v1.IstioRevisionTagConditionInUse, metav1.ConditionTrue), "IstioRevisionTag is not in use") + } + Success("Both IstionRevision are in use") + }) + + It("proxy version on sample pods still is base version", func(ctx SpecContext) { + samplePods := &corev1.PodList{} + Expect(cl.List(ctx, samplePods, client.InNamespace(sampleNamespace))).To(Succeed()) + Expect(samplePods.Items).ToNot(BeEmpty(), "No pods found in sample namespace") + + for _, pod := range samplePods.Items { + Eventually(func() *semver.Version { + sidecarVersion, err := getProxyVersion(pod.Name, sampleNamespace) + Expect(err).NotTo(HaveOccurred(), "Error getting sidecar version") + return sidecarVersion + }).Should(Equal(istioversion.Map[baseVersion].Version), "Sidecar Istio version does not match the expected version") + } + Success("Istio sidecar version matches the expected Istio version") + }) + }) + + When("sample pod are restarted", func() { + BeforeAll(func(ctx SpecContext) { + samplePods := &corev1.PodList{} + Expect(cl.List(ctx, samplePods, client.InNamespace(sampleNamespace))).To(Succeed()) + Expect(samplePods.Items).ToNot(BeEmpty(), "No pods found in sample namespace") + + for _, pod := range samplePods.Items { + cl.Delete(ctx, &pod) + } + + Expect(cl.List(ctx, samplePods, client.InNamespace(sampleNamespace))).To(Succeed()) + Expect(samplePods.Items).ToNot(BeEmpty(), "No pods found in sample namespace") + for _, pod := range samplePods.Items { + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(pod.Name, sampleNamespace), &corev1.Pod{}). + Should(HaveCondition(corev1.PodReady, metav1.ConditionTrue), "Pod is not Ready") + } + + Success("sample pods restarted and are ready") + }) + + It("updates the proxy version to the new Istio version", func(ctx SpecContext) { + Eventually(func() bool { + samplePods := &corev1.PodList{} + Expect(cl.List(ctx, samplePods, client.InNamespace(sampleNamespace))).To(Succeed()) + if len(samplePods.Items) == 0 { + return false + } + + for _, pod := range samplePods.Items { + sidecarVersion, err := getProxyVersion(pod.Name, sampleNamespace) + if err != nil || !sidecarVersion.Equal(istioversion.Map[newVersion].Version) { + return false + } + } + return true + }).Should(BeTrue(), "Sidecar Istio version does not match the expected version") + Success("Istio sidecar version matches the expected new Istio version") + }) + + It("IstionRevision resource and old istiod pod is deleted", func(ctx SpecContext) { + // The IstioRevisionTag is now in use by the new IstioRevision, so the old IstioRevision and the old istiod pod are deleted + Eventually(func() bool { + istioRevisions := &v1.IstioRevisionList{} + Expect(cl.List(ctx, istioRevisions)).To(Succeed()) + if len(istioRevisions.Items) != 1 { + return false + } + + istiodPods := &corev1.PodList{} + Expect(cl.List(ctx, istiodPods, client.InNamespace(controlPlaneNamespace), client.MatchingLabels{"app": "istiod"})).To(Succeed()) + return len(istiodPods.Items) == 1 + }).Should(BeTrue(), "IstionRevision or Istiod pods are not being deleted") + Success("IstionRevision and istiod pods are being deleted") + }) + + It("IstioRevisionTag revision name is equal to the IstionRevision name of the new Istio version", func(ctx SpecContext) { + revisionName := strings.Replace(newVersion, ".", "-", -1) + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key("default"), &v1.IstioRevisionTag{}). + Should(HaveField("Status.IstioRevision", ContainSubstring(revisionName)), "IstioRevisionTag version does not match the new IstioRevision name") + Success("IstioRevisionTag points to the new IstioRevision") + }) + }) + + AfterAll(func(ctx SpecContext) { + if CurrentSpecReport().Failed() { + common.LogDebugInfo(common.ControlPlane, k) + debugInfoLogged = true + } + + By("Cleaning up sample namespace") + Expect(k.DeleteNamespace(sampleNamespace)).To(Succeed(), "Sample Namespace failed to be deleted") + + By("Cleaning up the Istio namespace") + Expect(k.Delete("istio", istioName)).To(Succeed(), "Istio CR failed to be deleted") + Expect(k.DeleteNamespace(controlPlaneNamespace)).To(Succeed(), "Istio Namespace failed to be deleted") + + By("Cleaning up the IstioCNI namespace") + Expect(k.Delete("istiocni", istioCniName)).To(Succeed(), "IstioCNI CR failed to be deleted") + Expect(k.DeleteNamespace(istioCniNamespace)).To(Succeed(), "IstioCNI Namespace failed to be deleted") + + By("Deleting the IstioRevisionTag") + Expect(k.Delete("istiorevisiontag", "default")).To(Succeed(), "IstioRevisionTag failed to be deleted") + Success("Cleanup done") + }) + }) + + AfterAll(func() { + if CurrentSpecReport().Failed() && !debugInfoLogged { + common.LogDebugInfo(common.ControlPlane, k) + debugInfoLogged = true + } + }) + }) +}) diff --git a/tests/e2e/dualstack/dualstack_test.go b/tests/e2e/dualstack/dualstack_test.go index b2d0402f3..12d9d73f5 100644 --- a/tests/e2e/dualstack/dualstack_test.go +++ b/tests/e2e/dualstack/dualstack_test.go @@ -272,7 +272,7 @@ spec: AfterAll(func(ctx SpecContext) { if CurrentSpecReport().Failed() { - common.LogDebugInfo(k) + common.LogDebugInfo(common.DualStack, k) debugInfoLogged = true } @@ -287,7 +287,7 @@ spec: AfterAll(func() { if CurrentSpecReport().Failed() && !debugInfoLogged { - common.LogDebugInfo(k) + common.LogDebugInfo(common.DualStack, k) debugInfoLogged = true } diff --git a/tests/e2e/multicluster/multicluster_multiprimary_test.go b/tests/e2e/multicluster/multicluster_multiprimary_test.go index b4ebc1d93..80ebd5055 100644 --- a/tests/e2e/multicluster/multicluster_multiprimary_test.go +++ b/tests/e2e/multicluster/multicluster_multiprimary_test.go @@ -274,7 +274,7 @@ spec: AfterAll(func(ctx SpecContext) { if CurrentSpecReport().Failed() { - common.LogDebugInfo(k1, k2) + common.LogDebugInfo(common.MultiCluster, k1, k2) debugInfoLogged = true } @@ -298,7 +298,7 @@ spec: AfterAll(func(ctx SpecContext) { if CurrentSpecReport().Failed() && !debugInfoLogged { - common.LogDebugInfo(k1, k2) + common.LogDebugInfo(common.MultiCluster, k1, k2) debugInfoLogged = true } diff --git a/tests/e2e/multicluster/multicluster_primaryremote_test.go b/tests/e2e/multicluster/multicluster_primaryremote_test.go index b10438cb3..f009edf60 100644 --- a/tests/e2e/multicluster/multicluster_primaryremote_test.go +++ b/tests/e2e/multicluster/multicluster_primaryremote_test.go @@ -318,7 +318,7 @@ spec: AfterAll(func(ctx SpecContext) { if CurrentSpecReport().Failed() { - common.LogDebugInfo(k1, k2) + common.LogDebugInfo(common.MultiCluster, k1, k2) debugInfoLogged = true } @@ -348,7 +348,7 @@ spec: AfterAll(func(ctx SpecContext) { if CurrentSpecReport().Failed() && !debugInfoLogged { - common.LogDebugInfo(k1, k2) + common.LogDebugInfo(common.MultiCluster, k1, k2) debugInfoLogged = true } diff --git a/tests/e2e/multicontrolplane/multi_control_plane_test.go b/tests/e2e/multicontrolplane/multi_control_plane_test.go index e185fe9f1..d4cef3bec 100644 --- a/tests/e2e/multicontrolplane/multi_control_plane_test.go +++ b/tests/e2e/multicontrolplane/multi_control_plane_test.go @@ -189,7 +189,7 @@ spec: AfterAll(func() { if CurrentSpecReport().Failed() && !debugInfoLogged { - common.LogDebugInfo(k) + common.LogDebugInfo(common.MultiControlPlane, k) debugInfoLogged = true } diff --git a/tests/e2e/operator/operator_install_test.go b/tests/e2e/operator/operator_install_test.go index d726e82e3..88ec6f9d7 100644 --- a/tests/e2e/operator/operator_install_test.go +++ b/tests/e2e/operator/operator_install_test.go @@ -181,14 +181,14 @@ subjects: Expect(k.DeleteNamespace(curlNamespace)).To(Succeed(), "failed to delete curl namespace") if CurrentSpecReport().Failed() { - common.LogDebugInfo(k) + common.LogDebugInfo(common.Operator, k) } }) }) AfterAll(func() { if CurrentSpecReport().Failed() { - common.LogDebugInfo(k) + common.LogDebugInfo(common.Operator, k) } if skipDeploy { diff --git a/tests/e2e/util/common/e2e_utils.go b/tests/e2e/util/common/e2e_utils.go index 0d702311b..55d14f5ca 100644 --- a/tests/e2e/util/common/e2e_utils.go +++ b/tests/e2e/util/common/e2e_utils.go @@ -43,6 +43,22 @@ import ( "istio.io/istio/pkg/ptr" ) +type testSuite string + +const ( + Ambient testSuite = "ambient" + ControlPlane testSuite = "control-plane" + DualStack testSuite = "dual-stack" + MultiCluster testSuite = "multi-cluster" + Operator testSuite = "operator" + MultiControlPlane testSuite = "multi-control-plane" +) + +const ( + SleepNamespace = "sleep" + HttpbinNamespace = "httpbin" +) + var ( OperatorImage = env.Get("IMAGE", "quay.io/sail-dev/sail-operator:latest") OperatorNamespace = env.Get("NAMESPACE", "sail-operator") @@ -52,6 +68,7 @@ var ( istioName = env.Get("ISTIO_NAME", "default") istioCniName = env.Get("ISTIOCNI_NAME", "default") istioCniNamespace = env.Get("ISTIOCNI_NAMESPACE", "istio-cni") + ztunnelNamespace = env.Get("ZTUNNEL_NAMESPACE", "ztunnel") // version can have one of the following formats: // - 1.22.2 @@ -131,7 +148,7 @@ func CheckNamespaceEmpty(ctx SpecContext, cl client.Client, ns string) { }).Should(BeEmpty(), "No Services should be present in the namespace") } -func LogDebugInfo(kubectls ...kubectl.Kubectl) { +func LogDebugInfo(suite testSuite, kubectls ...kubectl.Kubectl) { // General debugging information to help diagnose the failure // TODO: Add the creation of file with this information to be attached to the test report @@ -153,6 +170,14 @@ func LogDebugInfo(kubectls ...kubectl.Kubectl) { logCertsDebugInfo(k) GinkgoWriter.Println("=========================================================") GinkgoWriter.Println() + + if suite == Ambient { + logZtunnelDebugInfo(k) + describe, err := k.WithNamespace(SleepNamespace).Describe("deployment", "sleep") + logDebugElement("=====sleep deployment describe=====", describe, err) + describe, err = k.WithNamespace(HttpbinNamespace).Describe("deployment", "httpbin") + logDebugElement("=====httpbin deployment describe=====", describe, err) + } } } @@ -210,9 +235,26 @@ func logCNIDebugInfo(k kubectl.Kubectl) { logDebugElement("=====Istio CNI logs=====", logs, err) } +func logZtunnelDebugInfo(k kubectl.Kubectl) { + resource, err := k.GetYAML("ztunnel", "default") + logDebugElement("=====ZTunnel YAML=====", resource, err) + + ds, err := k.WithNamespace(ztunnelNamespace).GetYAML("daemonset", "ztunnel") + logDebugElement("=====ZTunnel DaemonSet YAML=====", ds, err) + + events, err := k.WithNamespace(ztunnelNamespace).GetEvents() + logDebugElement("=====Events in "+ztunnelNamespace+"=====", events, err) + + describe, err := k.WithNamespace(ztunnelNamespace).Describe("daemonset", "ztunnel") + logDebugElement("=====ZTunnel DaemonSet describe=====", describe, err) + + logs, err := k.WithNamespace(ztunnelNamespace).Logs("daemonset/ztunnel", ptr.Of(120*time.Second)) + logDebugElement("=====ztunnel logs=====", logs, err) +} + func logCertsDebugInfo(k kubectl.Kubectl) { certs, err := k.WithNamespace(controlPlaneNamespace).GetSecret("cacerts") - logDebugElement("=====CA certs=====", certs, err) + logDebugElement("=====CA certs in "+controlPlaneNamespace+"=====", certs, err) } func logDebugElement(caption string, info string, err error) {