use 1.24.4-redhat

bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml

@@ -34,7 +34,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: OpenShift Optional, Integration & Delivery, Networking, Security
     containerImage: quay.io/maistra-dev/sail-operator:3.0-latest
-    createdAt: "2025-04-02T12:12:01Z"
+    createdAt: "2025-04-07T08:32:09Z"
     description: The OpenShift Service Mesh Operator enables you to install, configure,
       and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service
       Mesh is based on the open source Istio project.

pkg/istioversion/versions.ossm.yaml

@@ -18,11 +18,11 @@ versions:
     repo: https://github.com/istio/istio
     commit: 1.24.4
     charts:
-      - https://istio-release.storage.googleapis.com/charts/base-1.24.4.tgz
-      - https://istio-release.storage.googleapis.com/charts/istiod-1.24.4.tgz
-      - https://istio-release.storage.googleapis.com/charts/gateway-1.24.4.tgz
-      - https://istio-release.storage.googleapis.com/charts/cni-1.24.4.tgz
-      - https://istio-release.storage.googleapis.com/charts/ztunnel-1.24.4.tgz
+      - https://github.com/openshift-service-mesh/istio-release/raw/e50a777f7977dc477dd380171b8beffed7394c90/1.24.4-redhat/helm/base-1.24.4.tgz
+      - https://github.com/openshift-service-mesh/istio-release/raw/e50a777f7977dc477dd380171b8beffed7394c90/1.24.4-redhat/helm/istiod-1.24.4.tgz
+      - https://github.com/openshift-service-mesh/istio-release/raw/e50a777f7977dc477dd380171b8beffed7394c90/1.24.4-redhat/helm/gateway-1.24.4.tgz
+      - https://github.com/openshift-service-mesh/istio-release/raw/e50a777f7977dc477dd380171b8beffed7394c90/1.24.4-redhat/helm/cni-1.24.4.tgz
+      - https://github.com/openshift-service-mesh/istio-release/raw/e50a777f7977dc477dd380171b8beffed7394c90/1.24.4-redhat/helm/ztunnel-1.24.4.tgz
   - name: v1.24.3
     version: 1.24.3
     repo: https://github.com/istio/istio

resources/v1.24.4/charts/istiod/files/gateway-injection-template.yaml

@@ -232,7 +232,7 @@ spec:
   {{- if eq .Values.global.pilotCertProvider "istiod" }}
   - name: istiod-ca-cert
     configMap:
-      name: istio-ca-root-cert
+      name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }}
   {{- end }}
   {{- if .Values.global.mountMtlsCerts }}
   # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications.

resources/v1.24.4/charts/istiod/files/grpc-agent.yaml

@@ -283,7 +283,7 @@ spec:
   {{- if eq .Values.global.pilotCertProvider "istiod" }}
   - name: istiod-ca-cert
     configMap:
-      name: istio-ca-root-cert
+      name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }}
   {{- end }}
   {{- if .Values.global.mountMtlsCerts }}
   # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications.

resources/v1.24.4/charts/istiod/files/injection-template.yaml

@@ -477,7 +477,7 @@ spec:
   {{- if eq .Values.global.pilotCertProvider "istiod" }}
   - name: istiod-ca-cert
     configMap:
-      name: istio-ca-root-cert
+      name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }}
   {{- end }}
   {{- if .Values.global.mountMtlsCerts }}
   # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications.

resources/v1.24.4/charts/istiod/files/kube-gateway.yaml

@@ -300,7 +300,7 @@ spec:
       {{- if eq .Values.global.pilotCertProvider "istiod" }}
       - name: istiod-ca-cert
         configMap:
-          name: istio-ca-root-cert
+          name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }}
       {{- end }}
       {{- if .Values.global.imagePullSecrets }}
       imagePullSecrets:

resources/v1.24.4/charts/istiod/files/waypoint.yaml

@@ -284,7 +284,7 @@ spec:
               expirationSeconds: 43200
               path: istio-token
       - configMap:
-          name: istio-ca-root-cert
+          name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }}
         name: istiod-ca-cert
       {{- if .Values.global.imagePullSecrets }}
       imagePullSecrets:

resources/v1.24.4/charts/istiod/templates/deployment.yaml

@@ -189,6 +189,10 @@ spec:
 {{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }}
           - name: EXTERNAL_ISTIOD
             value: "{{ .Values.global.externalIstiod }}"
+{{- end }}
+{{- if .Values.global.trustBundleName }}
+          - name: PILOT_CA_CERT_CONFIGMAP
+            value: "{{ .Values.global.trustBundleName }}"
 {{- end }}
           - name: PILOT_ENABLE_ANALYSIS
             value: "{{ .Values.global.istiod.enableAnalysis }}"
@@ -276,7 +280,7 @@ spec:
           optional: true
       - name: istio-csr-ca-configmap
         configMap:
-          name: istio-ca-root-cert
+          name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }}
           defaultMode: 420
           optional: true
   {{- if .Values.jwksResolverExtraRootCA }}

resources/v1.24.4/charts/ztunnel/templates/daemonset.yaml

@@ -184,7 +184,7 @@ spec:
               audience: istio-ca
       - name: istiod-ca-cert
         configMap:
-          name: istio-ca-root-cert
+          name: {{ .Values.trustBundleName | default "istio-ca-root-cert" }}
       - name: cni-ztunnel-sock-dir
         hostPath:
           path: /var/run/ztunnel