Automator: merge upstream changes to openshift-service-mesh/sail-operator@main#647
Merged
openshift-merge-bot[bot] merged 41 commits intoopenshift-service-mesh:mainfrom Feb 12, 2026
Conversation
…stio-ecosystem#1515) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
…stio-ecosystem#1516) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
openshift-service-mesh-bot
force-pushed
the
none-main-merge_upstream_main-38a843ce
branch
3 times, most recently
from
50c3471 to
a8eb0bb
Compare
…o-ecosystem#1505) This commit adds documentation for deploying Istio in multi-primary multi-network ambient mode using the Sail Operator. Signed-off-by: Mikhail Abramov <mabramov@redhat.com>
openshift-service-mesh-bot
force-pushed
the
none-main-merge_upstream_main-38a843ce
branch
from
a8eb0bb to
cc88c90
Compare
openshift-service-mesh-bot
force-pushed
the
none-main-merge_upstream_main-38a843ce
branch
5 times, most recently
from
a9a27f7 to
efc6df8
Compare
…stio-ecosystem#1520) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
openshift-service-mesh-bot
force-pushed
the
none-main-merge_upstream_main-38a843ce
branch
2 times, most recently
from
c3c93dc to
c21f8a2
Compare
…1519) The validate_spec_components function in configuration-converter.sh was failing with "Error: bad expression, please check expression syntax" on extracting "components" keys. The original command attempted to delete non-"enabled" keys using: del(.spec.components.[] | keys[] | select(. != "enabled")) This failed because: - `.spec.components.[]` incorrectly tries to iterate over object values - `keys[]` syntax doesn't work in this pipeline context in yq v4 - `select(. != "enabled")` references values instead of key names - No proper context management for applying deletions back to document Replaced with proper yq v4 syntax using the `with()` function. Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
openshift-service-mesh-bot
force-pushed
the
none-main-merge_upstream_main-38a843ce
branch
6 times, most recently
from
0c851a3 to
f5376d1
Compare
…stio-ecosystem#1527) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
openshift-service-mesh-bot
force-pushed
the
none-main-merge_upstream_main-38a843ce
branch
from
f5376d1 to
167436b
Compare
…stio-ecosystem#1560) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
|
/retest |
…stio-ecosystem#1563) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
…em#1552) * Adding documentation for zero downtime ztunnel upgrade Adding two options for ztunnel upgrade Signed-off-by: Filip Brychta <fbrychta@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Review changes Signed-off-by: Filip Brychta <fbrychta@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com> --------- Signed-off-by: Filip Brychta <fbrychta@redhat.com> Co-authored-by: Sridhar Gaddam <sgaddam@redhat.com>
…tem#1561) * refactor(helm)!: migrate to fs.FS as the sole resource loading interface Replace string-based ResourceDirectory with fs.FS throughout the codebase to provide a unified abstraction for loading Helm charts and profiles. Changes: - ReconcilerConfig.ResourceDirectory string → ResourceFS fs.FS - cmd/main.go wraps flag value with os.DirFS() at startup - All controllers use ResourceFS directly (no path construction with ResourceDirectory) - UpgradeOrInstallChart now takes (fs.FS, chartPath) instead of chartDir - Renamed getChartDir() → getChartPath() (returns relative path) - Added pkg/helm/fsloader.go with LoadChart() for loading charts from fs.FS This enables consumers to use embed.FS for bundled resources or os.DirFS for filesystem-based resources through a single consistent interface. BREAKING CHANGE: ReconcilerConfig.ResourceDirectory replaced with ResourceFS fs.FS. ChartManager.UpgradeOrInstallChart signature changed to accept fs.FS. Signed-off-by: Aslak Knutsen <aslak@4fs.no> * feat(resources): add embedded fs.FS for library consumers Provide an embed.FS in the resources package so downstream consumers can bundle Helm charts and profiles directly in their binary instead of relying on filesystem paths. The Sail Operator itself does not import this package, keeping its binary size unchanged. This is intended for library consumers who want self-contained binaries with embedded resources. Usage: import "github.com/istio-ecosystem/sail-operator/resources" cfg := config.ReconcilerConfig{ResourceFS: resources.FS} Signed-off-by: Aslak Knutsen <aslak@4fs.no> * feat(resources): use embedded resources by default Add embedded fs.FS from the resources package and use it as the default resource source. The operator now embeds all Helm charts and profiles directly in the binary, eliminating the need for external resource files. Changes: - Change --resource-directory default from /var/lib/sail-operator/resources to "" - When --resource-directory is empty (default), use embedded resources.FS - When --resource-directory is specified, use os.DirFS for filesystem access - Removed --resource-directory from Makefile - Removed --resource-directory from Dockerfile This increases binary size by ~10MB but simplifies deployment by removing the dependency on external resource files mounted into the container. Signed-off-by: Aslak Knutsen <aslak@4fs.no> --------- Signed-off-by: Aslak Knutsen <aslak@4fs.no>
…stio-ecosystem#1565) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
* Adding some fix for midstream CI execution Signed-off-by: Francisco Herrera <fjglira@gmail.com> * Forcing avoid the use of external registry when CI mode is detected Adding a new variable to handle properly the case Signed-off-by: Francisco Herrera <fjglira@gmail.com> --------- Signed-off-by: Francisco Herrera <fjglira@gmail.com>
|
/retest |
* Add automation for updating EOL Istio versions Introduces a nightly GitHub Actions workflow and script to automatically mark Istio versions as EOL based on upstream support status. The workflow uses the istio-ecosystem automator to create PRs when EOL flags need updating. Fixes: istio-ecosystem#1531 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Filip Brychta <fbrychta@redhat.com> * Lint Signed-off-by: Filip Brychta <fbrychta@redhat.com> * Adding status badge Signed-off-by: Filip Brychta <fbrychta@redhat.com> --------- Signed-off-by: Filip Brychta <fbrychta@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…stio-ecosystem#1571) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
…stio-ecosystem#1573) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
…io-ecosystem#1572) * refactor: extract shared reconciliation logic into pkg/reconcile Move validation, Helm installation, and image digest logic from individual controllers into a shared pkg/reconcile package. This enables code reuse between operator controllers and (future) the install library, ensuring the same code path is used regardless of deployment mode. Changes: - Add pkg/reconcile with IstiodReconciler, CNIReconciler, ZTunnelReconciler - Each reconciler provides ValidateSpec(), Validate(), Install(), Uninstall() - Export ApplyCNIImageDigests() and ApplyZTunnelImageDigests() for reuse - Refactor IstioRevision, IstioCNI, ZTunnel controllers to delegate to shared reconcilers - Update controller tests to use shared reconcilers Design decisions: - Two-tier validation: ValidateSpec() for basic checks, Validate() for K8s API checks (supports library usage without K8s client) - Controller-agnostic error messages (e.g., "version not set" instead of "spec.version not set") Co-authored-by: Cursor noreply@cursor.com Signed-off-by: Aslak Knutsen <aslak@4fs.no> * refactor(validation): consolidate validation and move CRD-specific checks to controller The validation was awkwardly split between ValidateSpec (no client) and Validate (with client), but both paths actually need a client. This refactoring creates a cleaner separation: - General validations (version/namespace/values checks, target namespace exists) remain in pkg/reconcile - CRD-specific validations (revision name consistency, IstioRevisionTag conflict) move to the controller level Changes: - Remove ValidateSpec from IstiodReconciler, CNIReconciler, ZTunnelReconciler - Collapse validation into single Validate function that always requires client - Add validateRevisionConsistency and validateNoTagConflict to controller - Update tests to reflect new validation structure This enables library consumers to use pkg/reconcile without needing to implement operator-specific validation logic. Signed-off-by: Aslak Knutsen <aslak@4fs.no> * refactor(reconcile): use GetChartPath helper and tidy up exports Replace inline path.Join(version, "charts", ...) calls with the existing GetChartPath helper across all three reconcilers. Unexport getReleaseName since it's only used within istiod.go. Move GetChartPath and its test to common.go/common_test.go (renamed from types.go) since it's shared across packages. Signed-off-by: Aslak Knutsen <aslak@4fs.no> --------- Signed-off-by: Aslak Knutsen <aslak@4fs.no>
…cosystem#1575) Adds RenderChart() and RenderLoadedChart() to render Helm chart templates without cluster access. This enables extracting resource types from charts for watch setup in the install library. Co-authored-by: Cursor noreply@cursor.com Signed-off-by: Aslak Knutsen <aslak@4fs.no>
Collaborator
|
/retest |
…stio-ecosystem#1576) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
…stio-ecosystem#1577) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
…stio-ecosystem#1579) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
The "peerCaCrl" Helm parameter for Ztunnel has been added in the following PR - istio/istio#58132 Now, lets expose it to Sail Operator. Signed-off-by: Maxim Babushkin <mbabushk@redhat.com>
Collaborator
|
We need: istio-ecosystem#1583 to avoid any kind of race condition with arch builds while running multiple test |
…stem#1583) * Adding TARGET_ARCH to tag definition when run on CI true Adding export TAG=pr-- when CI is true to avoid race conditions when building and pushing multiple arch jobs at the same time Signed-off-by: Francisco Herrera <fjglira@gmail.com> * Fix lint Fix lint error: Declare and assign separately to avoid masking return values Signed-off-by: Francisco Herrera <fjglira@gmail.com> * Fix indent Fix indent Signed-off-by: Francisco Herrera <fjglira@gmail.com> --------- Signed-off-by: Francisco Herrera <fjglira@gmail.com>
…stio-ecosystem#1587) Signed-off-by: openshift-service-mesh-bot <openshiftservicemeshbot@gmail.com>
istio-ecosystem#1589) * Improve scorecard test to avoid running on kind cluster inside OCP clusters Signed-off-by: Francisco Herrera <fjglira@gmail.com> * Adding default values to scorecard test Signed-off-by: Francisco Herrera <fjglira@gmail.com> * CHange from review Signed-off-by: Francisco Herrera <fjglira@gmail.com> --------- Signed-off-by: Francisco Herrera <fjglira@gmail.com>
Collaborator
|
/retest |
Collaborator
|
/test ocp-4.20-e2e-ocp |
) Adds a Claude Code slash command (/refactor) that provides structured guidance for refactoring code while maintaining quality and project conventions. The command defines a systematic approach to refactoring that helps ensure changes are methodical, maintain test coverage, and follow project best practices without introducing behavior changes or over-engineering. Signed-off-by: Mike Kolesnik <mkolesni@redhat.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Collaborator
|
/test ocp-4.21-e2e-ocp |
Collaborator
|
/test ocp-4.20-e2e-ocp-arm |
added 2 commits
February 12, 2026 03:08
* upstream/main: (39 commits) Add Claude /refactor command for code improvements (istio-ecosystem#1489) Improve scorecard test to avoid running on kind cluster inside OCP cl… (istio-ecosystem#1589) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1587) Adding TARGET_ARCH to tag definition when run on CI true (istio-ecosystem#1583) Expose "peerCaCrl" Ztunnel param added in Helm (istio-ecosystem#1578) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1579) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1577) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1576) feat(helm): add RenderChart functions for template rendering (istio-ecosystem#1575) refactor: extract shared reconciliation logic into pkg/reconcile (istio-ecosystem#1572) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1573) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1571) Add automation for updating EOL Istio versions (istio-ecosystem#1562) Fix e2e midstream CI mode (istio-ecosystem#1564) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1565) Migrate to fs.FS as the sole resource loading interface (istio-ecosystem#1561) Adding documentation for zero downtime ztunnel upgrade (istio-ecosystem#1552) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1563) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1560) Automator: Update dependencies in istio-ecosystem/sail-operator@main (istio-ecosystem#1559) ...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Generated by Automator - 2026-02-12T03:08:21+00:00